• 2pt_perversion@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    19 days ago

    Hear me out, maybe we should update pots and sms to have optional end-to-end encryption for modern implementations as well…Optional as backwards compatible and clearly shown as unencrypted when used that way to be clear.

  • iknowitwheniseeit@lemmynsfw.com
    link
    fedilink
    English
    arrow-up
    0
    ·
    19 days ago

    From RFC 2804:

    • The IETF believes that adding a requirement for wiretapping will make affected protocol designs considerably more complex. Experience has shown that complexity almost inevitably jeopardizes the security of communications even when it is not being tapped by any legal means; there are also obvious risks raised by having to protect the access to the wiretap. This is in conflict with the goal of freedom from security loopholes.

    https://datatracker.ietf.org/doc/rfc2804/

    This was written in 2000 in response to US government requests to add backdoors to voice-over-IP (VoIP) standards.

    It was recognized 25 years ago that having tapping capabilities is fundamentally insecure.

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      0
      ·
      19 days ago

      You don’t need technical knowledge to see the problem.

      If you live in an apartment and your landlord has a master key, then all an attacker needs to do is get that master key. In an apartment complex, maybe that’s okay because who’s going to break in to the landlord’s office? But on the internet, tons of people are trying to break in every day, and eventually someone will get the key.

      Even for the landlord, I’d rather them have a copy of my key than a master key, because that way they’d need to steal my key specifically.

  • kingthrillgore@lemmy.ml
    link
    fedilink
    English
    arrow-up
    0
    ·
    19 days ago

    On January 20th: The cyberattack is coming from inside the house!

    Dumbfuck and his cronies now have access to PRISM and ECHELON. Again.

  • A_A@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    20 days ago

    What i read [and corrected] from the article :

    “The hacking campaign [group], nicknamed [ by Microsoft ] Salt Typhoon by Microsoft,
    [ this actual campaign of attacks ] is one of the largest intelligence compromises in U.S. history, and not yet fully remediated. Officials in a press call Tuesday [ 2024-12-3 ] refused to set a timetable for declaring the country’s telecommunications systems free of interlopers. Officials had previously told NBC News that China hacked AT&T, Verizon and Lumen Technologies to spy on customers.”

  • katy ✨@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    19 days ago

    until the republicans ban them so they can find queer kids and pregnant people getting healthcare and people reading books

        • daniskarma@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          0
          ·
          19 days ago

          It let you send videos to someone over the grindr limit.

          Please don’t ask how I know that grindr only let you send 10 short videos per day.

        • JasonDJ@lemmy.zip
          link
          fedilink
          English
          arrow-up
          0
          ·
          18 days ago

          There’s no fediverse replacement for Grindr yet? I’m honestly surprised.

          There should at least be an OSS one though right? Like an OpenGrindr? Or a LibreGrindr?

          • universalfriend@lemmy.blahaj.zone
            link
            fedilink
            English
            arrow-up
            0
            ·
            edit-2
            18 days ago

            We were looking into federated+floss MatchGroup alternatives last week, and didn’t find much of anything.
            Most compelling was that some people are using matrix spaces to facilitate dating/hookups, but I imagine those spaces have similar pitfalls to Discord “dating”.
            Something akin to OkCupid back when it was owned by Humor Rainbow would be pretty popular, imo.

      • sugar_in_your_tea@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        0
        ·
        19 days ago

        Yup. The Apple-FBI encryption dispute started under Obama, as did the Snowden leak.

        Neither party is particularly pro-encryption, because governments in general see encryption by the public a hurdle for their operations (i.e. you don’t need encryption if you have nothing to hide).

        Encryption isn’t a partisan issue, and my understanding is that both major parties suck about equally on this issue.

        • surph_ninja@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          19 days ago

          It’s a wonder they’re not also trying to outlaw printing presses at this point. They openly believe that we are not entitled to private conversations.

          • sugar_in_your_tea@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            0
            ·
            19 days ago

            It seems we’re moving that direction. Physical media in video games is becoming less and less common, more and more stores are digital only (and Google made a deal w/ Mastercard to get that data), and ebooks are likely to overtake physical books in the near-ish future.

            Guess where all that data ends up? The government can just pay retailers to get transaction data, so if the police wants to dig up dirt on you, it’s easier than ever.

            That’s pretty messed up IMO, and I’m not happy with this trend given where privacy protections are at these days…

            • surph_ninja@lemmy.world
              link
              fedilink
              English
              arrow-up
              0
              ·
              19 days ago

              Yep. We need a very strict law to prevent the government from partnering with private companies to get around the fourth amendment. The third party doctrine has obliterated our privacy rights.

              • sugar_in_your_tea@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                0
                ·
                19 days ago

                Agreed. If there’s anything we should collectively push for, it’s a constitutional recognition to a right to privacy. That’s what Roe v Wade was based on, and it was overturned because it wasn’t constitutionally defensible. The 4th amendment sadly isn’t sufficient, we need to take it a step further.

                • futatorius@lemm.ee
                  link
                  fedilink
                  English
                  arrow-up
                  0
                  ·
                  19 days ago

                  The Ninth Amendment, if actually followed, would put the burden on the government to prove that something was not a right, rather than just denying it because it wasn’t enumerated in the Constitution. The current Supreme Court has directly contradicted the Ninth by claiming that only enumerated rights are really rights. Except when they make up new ones like corporate personhood.

      • zzx@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        19 days ago

        Dumb people are down voting you despite the fact that you’re 1000000% correct.

        Leftists need to stop defending the Democratic party so hard, it’s making them look like neo liberals

        • ByteOnBikes@slrpnk.net
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          19 days ago

          Wait what? You know that leftists dislike Democrats, right?

          Are you really not aware they are two different things?

          • UnderpantsWeevil@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            19 days ago

            You know that leftists dislike Democrats, right?

            They’re classic Frienamies. Every two years, they hold their noses while screaming “I hate this! I hate this! I hate you all!” and pull the lever for the party. Then the party either wins, thanks to all the Michael Bloombergs and Liz Cheneys who guided the party successfully to the right. Or the party loses, thanks to all the civil rights activists and environmentalists and train lovers who made Whitey McDickweasel look like a Communist.

            Leftists are the Dems’ most loyal voters and their most bitter enemies.

          • zzx@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            19 days ago

            I’m aware yet I’ve been seeing so many so-called lefties going crazy for the DNC.

            I think the desperation and need to defeat Trump has led to a lot of “blind acceptance” of Democrats

        • UnderpantsWeevil@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          19 days ago

          Leftists need to stop defending the Democratic party

          The joke of it is you’re either with the Democratic Party or you’re a hyper-authoritarian anti-democratic Russia/China loving Tankie. You will eat your police state and you will like it, because otherwise the Bigger Fascists will win.

        • surph_ninja@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          19 days ago

          It’s just treated like team sports for so many people. It doesn’t matter what the team does, it’s offensive to them to criticize it at all.

      • Eezyville@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        0
        ·
        19 days ago

        The Snowden leaks came out when Obama was president. Obama was the one who said, “The only people who don’t want to disclose the truth are people with something to hide”. The republicans and democrats are the same fucking people.

        • UnderpantsWeevil@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          19 days ago

          The republicans and democrats are the same fucking people.

          In many cases, literally. From Michael Bloomberg and Liz Cheney to Donald Trump and Joe Manchin, the number of cross-overs and turn-coats who end up getting into leadership in their opponent’s parties is absolutely crazy. The Nixonian Southern Strategy did one thing brilliantly. It completely crossed the wires of the partisan voter for three generations to the benefit of the corporate oligarchs who get to play both ends against the middle.

          • futatorius@lemm.ee
            link
            fedilink
            English
            arrow-up
            0
            ·
            19 days ago

            It goes on long before that. The Dixiecrats were as conservative as the Republicans, and more racist than some Republicans.

      • prole@lemmy.blahaj.zone
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        19 days ago

        All that happens under Dems, too

        Fucking what? Which democrats are banning books and putting together lists of trans children?

        And no, I’m not a fan of the DNC, I’m just not a fucking dishonest piece of shit.

  • mox@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    0
    ·
    20 days ago

    End-to-end encryption is indispensable. Our legislators (no matter where we live) need to be made to understand this next time they try to outlaw it.

  • Maeve@kbin.earth
    link
    fedilink
    arrow-up
    0
    ·
    20 days ago

    Oh gee, forcing companies to leave backdoors for the government might compromise security, everyone. Who’d have thunk it? 🤦

    • jagged_circle@feddit.nl
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      19 days ago

      We’ve long had NSA slides that showed Tor and e2ee solutions as “disastrous” to their visibility.

      • Sparkega@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        0
        ·
        19 days ago

        I read Molly is forked from Signal. Can I message Signal users from Molly, or do all parties need Molly?

    • zergtoshi@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      19 days ago

      Yes, like Signal!
      Which does not only use end-to-end encryption for communication, but protects meta data as well:

      Signal also uses our metadata encryption technology to protect intimate information about who is communicating with whom—we don’t know who is sending you messages, and we don’t have access to your address book or profile information. We believe that the inability to monetize encrypted data is one of the reasons that strong end-to-end encryption technology has not been widely deployed across the commercial tech industry.

      Source: https://signal.org/blog/signal-is-expensive/

      I haven’t verified that claim investigating the source code, but I’m positive others have.

  • futatorius@lemm.ee
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    19 days ago

    There’s been a lot of good research done lately on how to achieve trusted communication on untrusted platforms and over untrusted channels. Encryption is a big part of that.

    And there are a number of scenarios where the ISP creates a hostile environment without having been compromised by an external actor. A malicious government, for example, or an ISP wanting to exploit customer communications for commercial reasons.

  • circuitfarmer@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    0
    ·
    19 days ago

    It’s probably also good practice to assume that not all encrypted apps are created equal, too. Google’s RCS messaging, for example, says “end-to-end encrypted”, which sounds like it would be a direct and equal competitor to something like Signal. But Google regularly makes money off of your personal data. It does not behoove a company like Google to protect your data.

    Start assuming every corporation is evil. At worst you lose some time getting educated on options.

    • s_s@lemm.ee
      link
      fedilink
      English
      arrow-up
      0
      ·
      19 days ago

      End-to-end encryption matters if your device isn’t actively trying to sabotage your privacy.

      If you run Android, Google is guilty of that.

      If you run Windows in a non-enterprise environment Microsoft is guilty of that.

      If you run iOS or MacOS, Apple is (very likely) guilty of that.

    • mosiacmango@lemm.ee
      link
      fedilink
      English
      arrow-up
      0
      ·
      19 days ago

      End to end is end to end. Its either “the devices sign the messages with keys that never leave the the device so no 3rd party can ever compromise them” or it’s not.

      Signal is a more trustworthy org, but google isn’t going to fuck around with this service to make money. They make their money off you by keeping you in the google ecosystem and data harvesting elsewhere.

      • 𝕽𝖚𝖆𝖎𝖉𝖍𝖗𝖎𝖌𝖍@midwest.social
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        19 days ago

        End to end could still - especially with a company like Google - include data collection on the device. They could even “end to end” encrypt sending it to Google in the side channel. If you want to be generous, they would perform the aggregation in-device and don’t track the content verbatim, but the point stands: e2e is no guarantee of privacy. You have to also trust that the app itself isn’t recording metrics, and I absolutely do not trust Google to not do this.

        They make so of their big money from profiling and ads. No way they’re not going to collect analytics. Heck, if you use the stock keyboard, that’s collecting analytics about the texts you’re typing into Signal, much less Google’s RCS.

      • zergtoshi@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        19 days ago

        Signal doesn’t harvest, use, sell meta data, Google may do that.
        E2E encryption doesn’t protect from that.
        Signal is orders of magnitude more trustworthy than Google in that regard.

        • mosiacmango@lemm.ee
          link
          fedilink
          English
          arrow-up
          0
          ·
          19 days ago

          Agreed. That still doesnt mean google is not doing E2EE for its RCS service.

          Im not arguing Google is trustworthy or better than Signal. I’m arguing that E2EE has a specific meaning that most people in this thread do not appear to understand.

      • MonkderVierte@lemmy.ml
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        19 days ago

        End to end matters, who has the key; you or the provider. And Google could still read your messages before they are encrypted.

        • mosiacmango@lemm.ee
          link
          fedilink
          English
          arrow-up
          0
          ·
          19 days ago

          You have the key, not the provider. They are explicit about this in the implementation.

          They can only read the messages before encryption if they are backdooring all android phones in an act of global sabotage. Pretty high consequences for soke low stakes data.

        • sugar_in_your_tea@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          0
          ·
          19 days ago

          Yup, they can read anything you can, and send whatever part they want through Google Play services. I don’t trust them, so I don’t use Messenger or Play services on my GrapheneOS device.

      • jagged_circle@feddit.nl
        link
        fedilink
        English
        arrow-up
        0
        ·
        19 days ago

        They do encrypt it and they likely dont send the messages unencrypted.

        Likely what’s happening is they’re extracting keywords to determine what you’re talking about (namely what products you might buy) on the device itself, and then uploading those categories (again, encrypted) up to their servers for storing and selling.

        This doesn’t invalidate their claim of e2ee and still lets them profit off of your data. If you want to avoid this, only install apps with open source clients.

        • mosiacmango@lemm.ee
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          19 days ago

          E2EE means a 3rd party cant extract anything in the messages at all, by definition.

          If they are doing the above, it’s not E2EE, and they are liable for massive legal damages.

          • jagged_circle@feddit.nl
            link
            fedilink
            English
            arrow-up
            0
            ·
            19 days ago

            Thats not what it means. It means that a third party cannot decrypt it on their servers.

            Of course if the “third party” is actually decrypting it on your device, then they can read the messages. I dont know why this is not clear to you.

      • CatLikeLemming@lemmy.blahaj.zone
        link
        fedilink
        English
        arrow-up
        0
        ·
        19 days ago

        Note that it doesn’t mean metadata is encrypted. They may not know what you sent, but they may very well know you message your mum twice a day and who your close friends are that you message often, that kinda stuff. There’s a good bit you can do with metadata about messages combined with the data they gather through other services.

    • kingthrillgore@lemmy.ml
      link
      fedilink
      English
      arrow-up
      0
      ·
      19 days ago

      If its not Open Source and Audited yearly, its compromised. Your best option for secure comms is Signal and Matrix.

    • mox@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      0
      ·
      20 days ago

      When a whole nation’s communications are intercepted by another entity, yes, the bad part is that it’s another nation. Especially an adversarial one.

      This is not about individuals’ personal privacy. It’s about things that happen at a much larger scale. For example, leverage for political influence, or leaking of sensitive info that sometimes finds its way into unsecured channels. Mass surveillance is powerful.

      • treadful@lemmy.zip
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        20 days ago

        RTFA

        The third has been systems that telecommunications companies use in compliance with the Commission on Accreditation for Law Enforcement Agencies (CALEA), which allows law enforcement and intelligence agencies with court orders to track individuals’ communications. CALEA systems can include classified court orders from the Foreign Intelligence Surveillance Court, which processes some U.S. intelligence court orders.

      • stinky@redlemmy.com
        link
        fedilink
        English
        arrow-up
        0
        ·
        20 days ago

        Wouldn’t surprise me. “We’re doing this to be helpful to you!” is actually moustached disney villain behavior.

        ^ similar to the prisoners with cats gimmick. “look how nice we’re being to our prisoners” is actually “stop yelling at your bunkmate or we’ll take away your cat”

  • Imgonnatrythis@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    0
    ·
    20 days ago

    The US gov should provide us with their own encryption app to protect us and just have a backdoor only they can access so they can keep an eye on any baddies! #Igotnothingtohide #amiright #muricafuckyeah