The Guardian and Cambridge University's Department of Computer Science unveil new secure technology to protect sources
Technology
59
Beiträge
22
Kommentatoren
3
Aufrufe
-
No they can't.
E: if someone wants to provide evidence to the contrary instead of just downvoting and moving on, please, go ahead.
It's called traffic analysis
-
For one, ease of access. Say you’re trying to break a story, who are you going to message with signal? Because you’re going to need to get that contact info somehow right?
Snowden is permanently stranded in Russia. That’s not exactly a great example of an anonymous source.
Say you’re trying to break a story, who are you going to message with signal?
...The Guardian?
Because you’re going to need to get that contact info somehow right?
Use your browser? These are strange questions.
Snowden is permanently stranded in Russia. That’s not exactly a great example of an anonymous source.
Did you notice that I used the past tense?
-
Except that signal is blocked by many companies Mobile Device Management. The one that don’t can typically see who has the app installed. This provides a new clever way to maybe whistleblow
Use a different device? Use Molly? Use any number of other apps? What's to stop the MDM from blocking The Guardian app?
-
It's called traffic analysis
It's called encryption
-
It's called encryption
Packet data has headers that can identify where it's coming from and where it's going to. The contents of the packet can be securely encrypted, but destination is not. So long as you know which IPs Signal's servers use (which is public information), it's trivial to know when a device is sending/receiving messages with Signal.
This is also why something like Tor manages to circumvent packet sniffing, it's impossible to know the actual destination because that's part of the encrypted payload that a different node will decrypt and forward.
-
It's called encryption
I run a cryptography forum
Encryption doesn't hide data sizes unless you take extra steps
-
I saw the headline and was ready to rage about why they should just use signal instead. Then I read the article and honestly this is a fucking genius use of tech
Yeah this is insanely good
-
It's called encryption
How exactly do you think encryption prevents the analysis of seeing when an encrypted message is sent? It feels like you're trying to hand-waive away by saying "encryption means you're good!"
Cyber security is not my thing, but my understanding is that you'd still see network traffic - you just wouldn't know what it says.
-
Academic paper: https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-999.pdf
The Guardian launches Secure Messaging, a world-first from a media organisation, in collaboration with the University of Cambridge
Secure Messaging is a new innovation for confidential story-sharing and source protection, underpinning the Guardian’s commitment to investigative journalism.
The Guardian has published the open source code for this important tech to enable adoption by other media organisations.the Guardian (www.theguardian.com)
The tech behind the tool conceals the fact that messaging is taking place at all. It makes the communication indistinguishable from data sent to and from the app by our millions of regular users.
Reminds me of how the Germans in WW1 knew they couldn't trust their diplomatic codes anymore so they just sent the important messages in the normal, innocuous telegraph system and diplomatic pouches. They knew that foreign intelligence would be focused on the bogus secure messages.
-
analysing network traffic wouldn't allow an adversary to see what you're sending with Signal
How are they analyzing network traffic with Signal? It's encrypted. And why does it matter if they know you're sending a message? Literally everyone using Signal is sending a message.
How are they analyzing network traffic with Signal? It's encrypted
Not my specialty, but signals end to end encryption is akin to sealing a letter. Nobody but the sender and the recipient can open that letter.
But you still gotta send it through the mail. That's the network traffic analysis that can be used.
Here's an example of why that could be bad.
-
It isn't.
Criminalization of encryption : the 8 december case
This article was written on the basis of information related to the so-called "8 December" case (see the footnotes for a global overview of the case, we focus on the "numerical part" of it in this article
For a summary of the 8 December affair see in particular the testimonies available in thi 
La Quadrature du Net (www.laquadrature.net)
For France, Your a terroriste if you use signal
-
Criminalization of encryption : the 8 december case
This article was written on the basis of information related to the so-called "8 December" case (see the footnotes for a global overview of the case, we focus on the "numerical part" of it in this article
For a summary of the 8 December affair see in particular the testimonies available in thi
La Quadrature du Net (www.laquadrature.net)
For France, Your a terroriste if you use signal
Then you're also a terrorist if you use The Guardian
️ -
It's called encryption
How dumb are you? Like someone said the point is they can see the fact that you sent a secured message period. Not with the guardian app though. Pretty easy to comprehend so I am confused why you are acting so stupid.
-
Criminalization of encryption : the 8 december case
This article was written on the basis of information related to the so-called "8 December" case (see the footnotes for a global overview of the case, we focus on the "numerical part" of it in this article
For a summary of the 8 December affair see in particular the testimonies available in thi
La Quadrature du Net (www.laquadrature.net)
For France, Your a terroriste if you use signal
Then you're a terrorist if you use the internet, period
Nearly all internet traffic if encrypted, and for plain browser traffic it's probably in the 95+%
You access your bank? Terrorist! Email? Terrorist! Lemmy? Terrorist!
-
How dumb are you? Like someone said the point is they can see the fact that you sent a secured message period. Not with the guardian app though. Pretty easy to comprehend so I am confused why you are acting so stupid.
Like someone said the point is they can see the fact that you sent a secured message period. Not with the guardian app though.
The entire point of the article in the OP is that you can send secured messages with The Guardian app.
️ -
Packet data has headers that can identify where it's coming from and where it's going to. The contents of the packet can be securely encrypted, but destination is not. So long as you know which IPs Signal's servers use (which is public information), it's trivial to know when a device is sending/receiving messages with Signal.
This is also why something like Tor manages to circumvent packet sniffing, it's impossible to know the actual destination because that's part of the encrypted payload that a different node will decrypt and forward.
Packet data has headers that can identify where it's coming from and where it's going to
Wouldn't you have to have some sort of MITM to be able to inspect that traffic?
This is also why something like Tor manages to circumvent packet sniffing
TOR is what their already-existing tip tool uses.
-
Then you're a terrorist if you use the internet, period
Nearly all internet traffic if encrypted, and for plain browser traffic it's probably in the 95+%
You access your bank? Terrorist! Email? Terrorist! Lemmy? Terrorist!
I dunno, I am not the French state. I can only see that they think the usage of signal is making you a terrorist.
-
Then you're also a terrorist if you use The Guardian
️I dont' know, do you have sources about this ?
Or are you imagining thing and deciding it is true ? -
I dont' know, do you have sources about this ?
Or are you imagining thing and deciding it is true ?Sources for what, exactly? What is "fantasming"? The title of the article you posted is "Criminalization of encryption". The Guardian is using encryption to send messages, so why would they be exempt? In fact, why would any internet use at all not be criminalized? It's all encrypted.
-
Packet data has headers that can identify where it's coming from and where it's going to
Wouldn't you have to have some sort of MITM to be able to inspect that traffic?
This is also why something like Tor manages to circumvent packet sniffing
TOR is what their already-existing tip tool uses.
Wouldn't you have to have some sort of MITM to be able to inspect that traffic?
You mean like your workplace wifi that you're blowing the whistle at?
