The CEO also claims that users’ Signal messages have popped up in court cases or in the media, and implies that this has happened because the app’s encryption isn’t completely secure. However, Durov cites “important people I’ve spoken to” and doesn’t mention any specific instance of this happening.
[…]
The Register could not find public reports of Signal messages leaking due to faulty encryption.
Claims made without evidence can be dismissed without evidence.
Durov’s entire criticism seems to be based on implications and have no actual evidence of any technical problems with Signal. He’s basically just throwing shade at a competing business, which amounts to whining.
I wouldn’t put a lot of trust in Telegram. Not only is their cryptography off by default, it’s a bespoke hand-rolled non-standard algorithm that might not work as well as they say. Oh, and it’s been potentially backdoored by the FSB (Russia’s CIA) for six years.
In general, people are wise to use ciphers and protocols that have been examined by the global cryptography community and have held up to that scrutiny.
The algorithm was neither proposed nor designed by the US government, it was made by (what is now known as) Signal, a 501c nonprofit.
The claims of Signal being “state-sponsored” come from assuming how money flows through the OTF - Open Tech Fund - which has gotten grants from government programs before. (IIRC)
It wouldn’t make sense for the US Gov. to make such a grant to make a flawed protocol, as any backdoor they introduce for themselves would work for any outside attacker too - it’s mathematics. It works for everyone or for no one. Would they really wanna make tools that they themselves use, just to have it backdoored by other state actors?
Oh, and it’s been potentially backdoored by the FSB (Russia’s CIA) for six years.
From the very start rather.
And there have been a few cases where not the FSB, but mundane police were reading suspects’ messages before arresting them.
Don’t trust Telegram, I use it because, eh, most people use either that or VK DMs in Russia as the default IM. But never trust it for something which should be secret.
You can even have “opposition”-themed channels there or call for rebellions, but don’t ever expect anything to be secret or even pseudonymous. Even without ill intent, flaws are regularly found which allow getting a lot of information, and the code quality is sewer-level.
It's not as if encryption would stop them being able to infiltrate and observe criminal gangs, and generally catch the bad guys. There are all kinds of other tools they can use without having instant push-button access to all communications data.
Encryption doesn't stop them spying on you. It stops them spying on everyone in the world simultaneously all the time with no effort.
There are an incredible number of OPSEC mistakes E2EE-using criminals make. It is largely about incompetence, and in some cases maliciousness as well for the elites who love this stuff. And they exist a lot among reactionary leftists, “freedom” libertarians, liberal/centrists and right wing elites.
Some reporter(s?) in Germany found that all the forums for CSA actually host their material in the clearnet, i.e. on Google Drive, Dropbox, etc. (since TOR speeds are shit and those people don’t watch SD videos anymore).
The police could have demanded data from the uploading accounts and that the material be taken offline. They refused to do so, in order to “catch more criminals” or something like that.
So, their “think of the children” is exactly as in the spirit of Helen Lovejoy as it seems.
They also openly use YouTube for distributing passwords and pastebin links to such content. I have seen multiple channels from a specific country (starts with I) that does this, sometimes going so far as to flash a single letter of the password at a time throughout innocent-looking children’s videos, with the encrypted pastebin link on the last video that requires the full password to unlock. Some others on a site I will not name have been trying to report these channels for several days (they have actually been operating for years with millions of views) but YouTube isn’t doing anything. The only company that has done anything was MediaFire, for removing some actual content.
If E2EE is what is really keeping you from catching child abusers, then your department is INCOMPETENT and LAZY. Sorry, but all this does is tell me that you are a piece of shit human being(s) that thinks they have to have god-like controls to do your job of jailing actual criminals. Or else it’s just an excuse to control everything (it is), in which case you are just evil.
Yeah, well, they couldn’t “shut it down” before E2E encryption, either, so, obviously, the problem isn’t necessarily the encryption, but that the cops suck at their jobs.
“We couldn’t really catch them before, but now we can’t read their text messages! Merde!”
Apple – which advertises Safari as “incredibly private” – evidently has undermined privacy among European Union Safari users through a marketplace-kit: URI scheme that potentially allows approved third-party app stores to follow those users around the web.
I don’t see Apple deliberately sabotaging their platform to maliciously comply and blame the regulation for making users less safe. This was probably an error caused by quick development to comply within a set timeline that will be resolved in the future through software changes.
I’d say it’s probably an oversight. I don’t want to downplay this, it definitively needs to be addressed in some way. But it’s not like there are many marketplaces out there yet (so far the only one I know of is AltStore PAL, and I doubt the creator is out there to track a bunch of people’s web activities).