The Guardian and Cambridge University's Department of Computer Science unveil new secure technology to protect sources
Technology
64
Beiträge
23
Kommentatoren
1.3k
Aufrufe
-
So you read the title and you know everything.
There is a liste of what they are accusing and their is no mention of internetThe elements of the investigation that have been communicated to us are staggering. Here are just some of the practices that are being misused as evidence of terrorist behavior6:
– the use of applications such as Signal, WhatsApp, Wire, Silence or ProtonMail to encrypt communications ;
– using Internet privacy tools such as VPN, Tor or Tails7 ;
– protecting ourselves against the exploitation of our personal data by GAFAM via services such as /e/OS, LineageOS, F-Droid ;
– encrypting digital media;
– organizing and participating in digital hygiene training sessions;
– simple possession of technical documentation.
But continue to invent reality. What are fact if not debatable point of view ?
That the end for me.
Have a great day.I don't know everything. Just because it's not explicitly listed today doesn't mean it won't be tomorrow. This was just created yesterday. And it does the same thing that all of those listed apps do: facilitates private communication.
-
Yes, the guardian app allows you to send encrypted messages through their app to their journalists. 100,000 people check the news, one person is whistleblowing. That one person's messaging traffic is mixed in with the regular news data, so it's not possible to tell which of those 100,000 people are the source. Signal messages travel through their servers, so anyone inspecting packets can see who is sending messages through signal, just not what the messages contain. Thats a big red arrow pointing to only people sending encrypted messages. With this implementation, those people are mixed in with everyone else just reading news or even just having the app on their device.
100,000 people check the news, one person is whistleblowing.
There are many many more people using Signal to yell at their kids to do the dishes or some shit. Not whistleblowing.
Thats a big red arrow pointing to only people sending encrypted messages.
Everyone is using encrypted messages...
-
Packet data has headers that can identify where it's coming from and where it's going to
Wouldn't you have to have some sort of MITM to be able to inspect that traffic?
This is also why something like Tor manages to circumvent packet sniffing
TOR is what their already-existing tip tool uses.
Would you? Are the headers encrypted?
-
Would you? Are the headers encrypted?
Does it matter? How would you get access to such information?
-
Packet data has headers that can identify where it's coming from and where it's going to
Wouldn't you have to have some sort of MITM to be able to inspect that traffic?
This is also why something like Tor manages to circumvent packet sniffing
TOR is what their already-existing tip tool uses.
Wouldn’t you have to have some sort of MITM to be able to inspect that traffic?
That, or a court order telling your ISP or mobile operator to allow the sniffing. Or just the police wanting to snoop your stuff because they can. Not every country cares about individual or human rights, you know
TOR is what their already-existing tip tool uses.
Yes, but tor can be blocked at a firewall level, its packets are easy to identify. "Nations like China, Iran, Belarus, North Korea, and Russia have implemented measures to block or penalize Tor usage"
-
Does it matter? How would you get access to such information?
If the header isn't encrypted it'd be easy to inspect, and thus easy to determine where it goes, which is why it matters.
Based on your questions, it sounds like you're expecting the network traffic itself to be encrypted, as if there were a VPN. Does signal offer such a feature? My understanding is that the messages themselves are encrypted, but the traffic isn't, but I could be wrong.
-
If the header isn't encrypted it'd be easy to inspect, and thus easy to determine where it goes, which is why it matters.
Based on your questions, it sounds like you're expecting the network traffic itself to be encrypted, as if there were a VPN. Does signal offer such a feature? My understanding is that the messages themselves are encrypted, but the traffic isn't, but I could be wrong.
If the header isn't encrypted it'd be easy to inspect
Easy for whom? How are you getting access to the traffic info?
-
If the header isn't encrypted it'd be easy to inspect
Easy for whom? How are you getting access to the traffic info?
You're talking about encryption and signal because you're worried about folks whose network you're connected to being able to invade your privacy, right?
I'd say it's a pretty reasonable suggestion to say we start with those guys. If you don't worry about those guys, who do have access to traffic info, then why bother with encryption?
-
You're talking about encryption and signal because you're worried about folks whose network you're connected to being able to invade your privacy, right?
I'd say it's a pretty reasonable suggestion to say we start with those guys. If you don't worry about those guys, who do have access to traffic info, then why bother with encryption?
You're talking about encryption and signal because you're worried about folks whose network you're connected to being able to invade your privacy, right?
LOL no? I'd never blow the whistle on my employer from my desk. Even if I did, I would connect to a different network.
I recognize other people are not as conscious as I am of that vulnerability but you asked about me, specifically.
If you don't worry about those guys, who do have access to traffic info, then why bother with encryption?
Any number of other people. Primarily the government.
-
You're talking about encryption and signal because you're worried about folks whose network you're connected to being able to invade your privacy, right?
LOL no? I'd never blow the whistle on my employer from my desk. Even if I did, I would connect to a different network.
I recognize other people are not as conscious as I am of that vulnerability but you asked about me, specifically.
If you don't worry about those guys, who do have access to traffic info, then why bother with encryption?
Any number of other people. Primarily the government.
Any number of other people. Primarily the government.
Right, so if the header isn't encrypted, it'd be trivial for them to see who you're sending to, which is why that's important.
You never answered my question - do you think the network connection itself is encrypted? Or just the content of the messages?
-
No they can't.
E: if someone wants to provide evidence to the contrary instead of just downvoting and moving on, please, go ahead.
Here's a relevant stack exchange question.
Regarding what an ISP can learn. Of note, everybody is ceding that the ISP can tell you're using signal, and they've moved on to whether or not they'd be able to fingerprint your usage patterns. -
100,000 people check the news, one person is whistleblowing.
There are many many more people using Signal to yell at their kids to do the dishes or some shit. Not whistleblowing.
Thats a big red arrow pointing to only people sending encrypted messages.
Everyone is using encrypted messages...
I'm sorry you can't grasp this concept. I guess study a different subject.
-
Academic paper: https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-999.pdf
If you want to blow the whistle on somebody and wonder if the Guardian is trustworthy I suggest you ask Julian Assange.
-
I don't know everything. Just because it's not explicitly listed today doesn't mean it won't be tomorrow. This was just created yesterday. And it does the same thing that all of those listed apps do: facilitates private communication.
Yeah but contrary to these listed, the judge know the guardian is a newspaper, they shouldn't be able to make him/her afraid in the same way they did.
-
Academic paper: https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-999.pdf
Technical summary: it seems OK against an observer who can see the network traffic but hasn't infiltrated the phone of the source or the computer of the news organization.
Any real message is stored locally on the smartphone by the CoverDrop module and sent as the next CoverDrop message, i.e. replacing the dummy message which would otherwise have been sent. Consequently a network observer cannot determine whether any communication is taking place and CoverDrop therefore provides the potential source with plausible deniability.
The CoverNode and each journalist has their own public-private key pair. These keys are published by the news organization and available to the CoverDrop module directly so the user does not need know about them. When the CoverDrop module is used for the first time, it generates a new, random public-private key pair
for the user.All real CoverDrop messages sent by the CoverDrop module to the CoverNode include the text written by the potential source as well as their own public key. The message is first encrypted using the public key of the journalist who will ultimately receive the message, then encrypted a second time using the public key of the CoverNode. All dummy CoverDrop messages are encrypted using the public key of the CoverNode. All messages, real or dummy, are arranged to be the same, fixed length. Encryption and length constraints ensure that only the CoverNode can distinguish between real and dummy messages.
-
Technical summary: it seems OK against an observer who can see the network traffic but hasn't infiltrated the phone of the source or the computer of the news organization.
Any real message is stored locally on the smartphone by the CoverDrop module and sent as the next CoverDrop message, i.e. replacing the dummy message which would otherwise have been sent. Consequently a network observer cannot determine whether any communication is taking place and CoverDrop therefore provides the potential source with plausible deniability.
The CoverNode and each journalist has their own public-private key pair. These keys are published by the news organization and available to the CoverDrop module directly so the user does not need know about them. When the CoverDrop module is used for the first time, it generates a new, random public-private key pair
for the user.All real CoverDrop messages sent by the CoverDrop module to the CoverNode include the text written by the potential source as well as their own public key. The message is first encrypted using the public key of the journalist who will ultimately receive the message, then encrypted a second time using the public key of the CoverNode. All dummy CoverDrop messages are encrypted using the public key of the CoverNode. All messages, real or dummy, are arranged to be the same, fixed length. Encryption and length constraints ensure that only the CoverNode can distinguish between real and dummy messages.
To sum it up even more : this looks like standard end-to-end encryption, but any app user have the same network traffic, completed with fake data if no communication is needed.
-
Yeah but contrary to these listed, the judge know the guardian is a newspaper, they shouldn't be able to make him/her afraid in the same way they did.
Yeah but contrary to these listed, the judge know the guardian is a newspaper
The logic does not check out. Signal isn't going to integrate a news section and then suddenly be exempt from this regulation.
-
Yeah but contrary to these listed, the judge know the guardian is a newspaper
The logic does not check out. Signal isn't going to integrate a news section and then suddenly be exempt from this regulation.
It show you didn't read, I am explaining the article piece by piece. They used the lost a gave you to convince a judge it was a terrorist behavior. It is not forbidden to crypt things. And they would not have been able to convince a judge the news application guardian is a terrorist tool.
And I am bad a English so I am trying to resume a English article to you in broken English. I am sure I use the wrong word and as long as you don't read you can keep playing me. You are taking more time debating things I have an hard time explain than reading the article.
Do you wan me to copy paste in entirely here so you can avoid one click ? -
It show you didn't read, I am explaining the article piece by piece. They used the lost a gave you to convince a judge it was a terrorist behavior. It is not forbidden to crypt things. And they would not have been able to convince a judge the news application guardian is a terrorist tool.
And I am bad a English so I am trying to resume a English article to you in broken English. I am sure I use the wrong word and as long as you don't read you can keep playing me. You are taking more time debating things I have an hard time explain than reading the article.
Do you wan me to copy paste in entirely here so you can avoid one click ?I read the entire thing. I don't need it explained to me. It's clear just by looking at it that they're targeting all encrypted communications.
And they would not have been able to convince a judge the news application guardian is a terrorist tool.
I think it's pretty obvious that they could.
-
Except that signal is blocked by many companies Mobile Device Management. The one that don’t can typically see who has the app installed. This provides a new clever way to maybe whistleblow
Why would you expect any form of privacy on a device you don't own?
