this post was submitted on 08 May 2024
236 points (80.6% liked)

Privacy

32177 readers
405 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Here's what he said in a post on his telegram channel:

🤫 A story shared by Jack Dorsey, the founder of Twitter, uncovered that the current leaders of Signal, an allegedly “secure” messaging app, are activists used by the US state department for regime change abroad 🥷

🥸 The US government spent $3M to build Signal’s encryption, and today the exact same encryption is implemented in WhatsApp, Facebook Messenger, Google Messages and even Skype. It looks almost as if big tech in the US is not allowed to build its own encryption protocols that would be independent of government interference 🐕‍🦺

🕵️‍♂️ An alarming number of important people I’ve spoken to remarked that their “private” Signal messages had been exploited against them in US courts or media. But whenever somebody raises doubt about their encryption, Signal’s typical response is “we are open source so anyone can verify that everything is all right”. That, however, is a trick 🤡

🕵️‍♂️ Unlike Telegram, Signal doesn’t allow researchers to make sure that their GitHub code is the same code that is used in the Signal app run on users’ iPhones. Signal refused to add reproducible builds for iOS, closing a GitHub request from the community. And WhatsApp doesn’t even publish the code of its apps, so all their talk about “privacy” is an even more obvious circus trick 💤

🛡 Telegram is the only massively popular messaging service that allows everyone to make sure that all of its apps indeed use the same open source code that is published on Github. For the past ten years, Telegram Secret Chats have remained the only popular method of communication that is verifiably private 💪

Original post: https://t.me/durov/274

you are viewing a single comment's thread
view the rest of the comments
[–] NotMyOldRedditName@lemmy.world 46 points 6 months ago (3 children)

You don't need a backdoor in signal to bypass its encryption.

All you need is to exploit the phone and wait for them to open or use signal.

If you think your phone is safe from the NSA or similar services, I got some bad news for you.

[–] Greg@lemmy.ca 5 points 6 months ago (1 children)

I'm 100% secure, I have Nord VPN

[–] RGB3x3@lemmy.world 11 points 6 months ago (1 children)

This comment sponsored by NordVPN

[–] Greg@lemmy.ca 6 points 6 months ago (1 children)

I forgot to post an affiliate link and explain how routing all your internet traffic though one company equals security

[–] ArcaneSlime@lemmy.dbzer0.com 1 points 6 months ago

routing all your internet traffic though one company

You mean my ISP which is known to monitor, censor, keep logs, and sell my info or Mullvad who hasn't been caught doing that yet?

[–] rottingleaf@lemmy.zip 3 points 6 months ago (1 children)
[–] NotMyOldRedditName@lemmy.world 1 points 6 months ago (1 children)

It'd almost like... phones aren't secure.

[–] rottingleaf@lemmy.zip 1 points 6 months ago

Nothing is against the attack described TBF.

Say, if I run only OpenBSD, carefully selecting non-base applications, with tightened setup and so on, the baddies may just come when I'm not at home and flash a trojan into my laptop's UEFI.

Well, it's easier with phones because these likely already have plenty of backdoors to do this remotely, available only for nation-states.

I'm starting to like the taste of this "conspiracy theorist" thing.

[–] emergencyfood@sh.itjust.works 3 points 6 months ago (1 children)

All you need is to exploit the phone and wait for them to open or use signal.

Physical access is root access. But just because you can't make something NSA-proof dosen't mean you can't make it bloody difficult to break into.

[–] NotMyOldRedditName@lemmy.world 2 points 6 months ago* (last edited 6 months ago)

There's been enough zero day remote exploits that there's bound to be more.

Pretty sure there's more than 1 about receiving an SMS and the payload rooting the phone and you not even knowing it happened. At least 1 but I think 2 or more.

Something about a malicious image also rooting a phone.

It goes on and on and phones don't always get security updates.

You can do your best, but then longer you use a given phone the higher the risk. That's why people switch out phones frequently when doing shady or important shit