Control of the internet


#331

Not really, he’s lining up his post presidency income - speaking fees, endorsements, boardrooms, book tours from autobiographies etc. He’s following the example set by Reagan.


#332

J


#333

Good luck with WhatsApp - that’s now encrypted end-to-end.

As usual, there is zero technical sophistication to the suggested methods of attack.


#334

Suuure it is… I know it’s true because a cheerful popup told me so.

It’s a simple legal requirement – WhatsApp need to comply or potentially be in contempt of court when they are asked to allow interception. Assuming of course they have a presence in Ireland.

Not saying I agree with it, but the implementation basis isn’t problematic from that point of view.

Edit:
Remember that WhatsApp is a US corporation and is therefore legally obliged to provide lawful intercept capabilities to US LEO on request. So almost certainly they can already read your stuff.

In terms of actual technical implementation (not that this needs to be specified by the Irish government) I could see three approaches. First, I would think that you could have the client send its three secret keys up to the server when it receives a wiretap request. As I read it, these are then sufficient to wiretap any conversation with the user as long as you can see the conversation packets. Secondly, you could have the client add a hidden “wiretap” user to each conversation; the app already includes the capability for group messages, so you would simply create a “latent” group with a hidden additional member for each conversation. Alternatively (least elegantly but most foolproof) you could simply have the client send a copy of each cleartext received/sent message back to the server after decryption.

The latter two approaches have the advantage that you can truthfully claim that the conversations are encrypted end-to-end and that this encryption is unbreakable even by WhatsApp. The second is my favourite in terms of elegance.

People seem to think that things being “encrypted” is really important. It is, but it’s necessary but not sufficient. You have to remember that the software at both ends can necessarily decrypt the messages, and the software is completely controlled by WhatsApp and a black box. So all this “end to end encryption” stuff sounds great but doesn’t really stop them reading your stuff if they want.

Edit 2: A fourth obvious approach is to simply switch off decryption for the relevant user. App already contains fallback non-encrypted mode for talking to older clients. The way I read it, the server can simply return no keys for the relevant user and all its received messages will be plaintext (and similar for sending).

There you go muirgheasa, just pick one and implement. Send me a build by Monday :smiley:


#335

No problem boss 8DD

Although… doesn’t that rather dramatically expose all of our users to having their data read by, you know, whoever…?

Not a current business priority, you say? Figures…


#336

I honestly have no idea but rumours abound Snowden is dead.


#337

Nah. Just people being idiots.


#338

Not very plugged into this topic, but reading Die Zeit became aware of Jacob Appelbaum (en.wikipedia.org/wiki/Jacob_Appelbaum), another anonymity/privacy/digital activist (Tor, WikiLeaks, etc.) now associated with sexual misconduct.

(although open questions there “On 11 August 2016, the German weekly Die Zeit published a lengthy investigation into the rape charges, including interviews with three people present at the scene of the alleged rape. None of these witnesses corroborated the claims made by the anonymous victim. The article also reports that a second falsely identified victim had demanded that her story be removed from the anonymous website.”)

The similarities to other cases, e.g. Assange, are weird (however, no legal case in progress here, just allegations and being excluded from groups as a result). You end up with high profile campaigners in this domain (Appelbaum, Snowden, Assange) being trapped in various versions of limbo/exile.


#339

Definitely not. He’s working on the checkout in my local Tesco, next aisle to Elvis.


#340

Looks like the Tor project is in the process of imploding, in some combination of sexual predation and/or SJW hysteria among the staff, depending on who you ask. Key people are dropping out because they don’t “feel safe” and now there’s a call for a complete 1-day shutdown of all exit nodes to protest the way someone was treated. Twitter-based internet hysteria a la Gamergate.

Edit: didn’t see that Col Max posted about it above already.

Edit 2: Link: news.softpedia.com/news/internal … 7513.shtml


#341

Thanks Mantissa for the Gamergate reference, there’s ten minutes of my life I’ll never get back!!


#342

I’m guessing a few Pinsters need to change their passwords

InfoWars account details hacked, leaked


#343

:smiley:
For a site dedicated to paranoid fantasists, they’re quite naive about the internet!


#344

This just PROVES that the government is watching them.


#345

On topic literally… tomorrow the US cedes legal oversight and control of ICANN, which controls the domain name system. It was overseen by the US Dept of Commerce for historical reasons.

ICANN are your typical international body - full of politics and possibly worse, but at least this is recognising that the internet no longer belongs to the US government.


#346

FBI seized and operated 23 child porn sites in the “dark web” (about half the Tor child porn sites) and used them to infect visitors with malware to reveal their IPs.

arstechnica.com/tech-policy/2016 … from-them/

An interesting if controversial investigative technique. Also a reminder that Tor is a big LEO honeypot.


#347

Turns out they went for a variant of option three. Don’t say I didn’t warn you…


#348

The Vault7 release confirms this.

Irrespective of who the USA president is/was (Obama, Nixon, Bush, David Duke, Jane Fonda…), ‘they’ simply weren’t going to allow anyone to communicate with ‘they’ being able to eavesdrop on the conversation.

Unless you build the communications system yourself* (the physical layer and software/encryption etc…) then one cannot complain about being spied upon.

* Don’t feel too bad if one doesn’t feel up to the task, those who are telecoms professionals couldn’t even build their own network themselves as part of their hobby.

#349

In fact, what the Vault7 leak actually implies (assuming it is accurate) is that even if you build your own communications system you will be spied upon. You would need to take extraordinary measures to avoid spying by a serious government actor.

On the other hand, you can probably assume that you’re far too boring for the CIA to be actively spying on you.


#350

Maybe so to the CIA, but not the NSA! 8DD