[Cryptography] Signal chat fallout.
Ray Dillinger
bear at sonic.net
Sat Mar 29 17:20:33 EDT 2025
On 3/29/25 03:02, iang wrote:
> Yes, exactly - the military (and other closed tight groups) are the
> exception. But, these were civilians. They weren't a member of any tight
> closed group on which you could use the classical cryptographic methods.
> Hence, the obvious happened - the system that was built assuming tight,
> closed groups of disciplined people was ignored, and they all defaulted
> to signal. If they tighted up signal to solve this problem (which is
> possible) then chances are, the users would switch to something else...
I'm not buying "they were civilians."
They were highly placed members of the US government. Entire teams of
people in Russia, China, North Korea, Europe, Saudia Arabia, Iran, Iraq,
Japan, and EVERYWHERE ELSE IN THE WORLD are tasked specifically with
getting into their phones, monitoring the movements of their phones,
harvesting phone data from everybody who they might have in their
contact lists, doing whatever psyop or spoof is necessary to get them to
install stupid snoopy backdoors that can be taken advantage of,
harvesting metadata about every text and call they make, and getting
their hardware and software backdoored by any means possible.
Seriously. Think hundreds of smart, motivated people, active 24 hours a
day, EVERY DAMN DAY FOR YEARS, with the resources of entire nations
behind them, supported by high-powered software reverse engineering
top-secret tools, software development companies to place backdoors in
the next version of an app they use, etc, companies that assemble the
electronics that go into their phones, companies that manufacture the
components that go into their phones, and everything else you can think
of. Just trying to get any and all info about or from their damn phones.
If ANY of those phones were secure, it's because hundreds of dedicated
people with vast resources available, all failed in their jobs.
These are people who, because of their offices, have flatly no chance of
ever being able to trust their phones to keep anything secret. And
these are people who are told they have no chance of being able to trust
their phones by the security staff the first day they show up for work,
and reminded of it on a regular basis. They have the absolute need for
real security, and they are as well-known and verifiable because of
their jobs as any member of the military is because of that job.
Bear
More information about the cryptography
mailing list