338
Love seeing open source projects from companies that aren't specifically tech firms
I saw the headline and was ready to rage about why they should just use signal instead. Then I read the article and honestly this is a fucking genius use of tech
I read it and don't understand. Why is this better than Signal? Or the 500 other secure file/messaging protocols?
Jabber seemed to work perfectly for Snowden...
Because analysing network traffic wouldn't allow an adversary to see what you're sending with Signal, but they could still tell you're sendig a secure message.
What the Guardian is doing is hiding that secure chat traffic inside the Guardian app, so packet sniffing would only show you're accessing news.
I downloaded the guardian app and couldn't find the option.
analysing network traffic wouldn't allow an adversary to see what you're sending with Signal
How are they analyzing network traffic with Signal? It's encrypted. And why does it matter if they know you're sending a message? Literally everyone using Signal is sending a message.
Using an encrypted messaging app could itself be a red flag, using a news app is normal behavior.
It isn't.
It's a red flag to those who think you're going to share internal info.
Or it's just a perfectly normal thing that billions of people do every day?
Except that signal is blocked by many companies Mobile Device Management. The one that don’t can typically see who has the app installed. This provides a new clever way to maybe whistleblow
Use a different device? Use Molly? Use any number of other apps? What's to stop the MDM from blocking The Guardian app?
load more comments
(5 replies)
https://www.laquadrature.net/en/2023/06/05/criminalization-of-encryption-the-8-december-case/
For France, Your a terroriste if you use signal
Then you're also a terrorist if you use The Guardian 🤷♂️
I dont' know, do you have sources about this ? Or are you imagining thing and deciding it is true ?
Sources for what, exactly? What is "fantasming"? The title of the article you posted is "Criminalization of encryption". The Guardian is using encryption to send messages, so why would they be exempt? In fact, why would any internet use at all not be criminalized? It's all encrypted.
So you read the title and you know everything. There is a liste of what they are accusing and their is no mention of internet
The elements of the investigation that have been communicated to us are staggering. Here are just some of the practices that are being misused as evidence of terrorist behavior6:
– the use of applications such as Signal, WhatsApp, Wire, Silence or ProtonMail to encrypt communications ;
– using Internet privacy tools such as VPN, Tor or Tails7 ;
– protecting ourselves against the exploitation of our personal data by GAFAM via services such as /e/OS, LineageOS, F-Droid ;
– encrypting digital media;
– organizing and participating in digital hygiene training sessions;
– simple possession of technical documentation.
But continue to invent reality. What are fact if not debatable point of view ? That the end for me. Have a great day.
I don't know everything. Just because it's not explicitly listed today doesn't mean it won't be tomorrow. This was just created yesterday. And it does the same thing that all of those listed apps do: facilitates private communication.
Yeah but contrary to these listed, the judge know the guardian is a newspaper, they shouldn't be able to make him/her afraid in the same way they did.
Yeah but contrary to these listed, the judge know the guardian is a newspaper
The logic does not check out. Signal isn't going to integrate a news section and then suddenly be exempt from this regulation.
load more comments
(2 replies)
Timing of messages. They can't tell what you send, but can tell when
No they can't.
E: if someone wants to provide evidence to the contrary instead of just downvoting and moving on, please, go ahead.
It's called traffic analysis
It's called encryption
Packet data has headers that can identify where it's coming from and where it's going to. The contents of the packet can be securely encrypted, but destination is not. So long as you know which IPs Signal's servers use (which is public information), it's trivial to know when a device is sending/receiving messages with Signal.
This is also why something like Tor manages to circumvent packet sniffing, it's impossible to know the actual destination because that's part of the encrypted payload that a different node will decrypt and forward.
Packet data has headers that can identify where it's coming from and where it's going to
Wouldn't you have to have some sort of MITM to be able to inspect that traffic?
This is also why something like Tor manages to circumvent packet sniffing
TOR is what their already-existing tip tool uses.
Wouldn't you have to have some sort of MITM to be able to inspect that traffic?
You mean like your workplace wifi that you're blowing the whistle at?
Would you? Are the headers encrypted?
Does it matter? How would you get access to such information?
If the header isn't encrypted it'd be easy to inspect, and thus easy to determine where it goes, which is why it matters.
Based on your questions, it sounds like you're expecting the network traffic itself to be encrypted, as if there were a VPN. Does signal offer such a feature? My understanding is that the messages themselves are encrypted, but the traffic isn't, but I could be wrong.
If the header isn't encrypted it'd be easy to inspect
Easy for whom? How are you getting access to the traffic info?
You're talking about encryption and signal because you're worried about folks whose network you're connected to being able to invade your privacy, right?
I'd say it's a pretty reasonable suggestion to say we start with those guys. If you don't worry about those guys, who do have access to traffic info, then why bother with encryption?
You're talking about encryption and signal because you're worried about folks whose network you're connected to being able to invade your privacy, right?
LOL no? I'd never blow the whistle on my employer from my desk. Even if I did, I would connect to a different network.
I recognize other people are not as conscious as I am of that vulnerability but you asked about me, specifically.
If you don't worry about those guys, who do have access to traffic info, then why bother with encryption?
Any number of other people. Primarily the government.
load more comments
(1 replies)
Wouldn’t you have to have some sort of MITM to be able to inspect that traffic?
That, or a court order telling your ISP or mobile operator to allow the sniffing. Or just the police wanting to snoop your stuff because they can. Not every country cares about individual or human rights, you know
TOR is what their already-existing tip tool uses.
Yes, but tor can be blocked at a firewall level, its packets are easy to identify. "Nations like China, Iran, Belarus, North Korea, and Russia have implemented measures to block or penalize Tor usage"
How exactly do you think encryption prevents the analysis of seeing when an encrypted message is sent? It feels like you're trying to hand-waive away by saying "encryption means you're good!"
Cyber security is not my thing, but my understanding is that you'd still see network traffic - you just wouldn't know what it says.
I run a cryptography forum
Encryption doesn't hide data sizes unless you take extra steps
load more comments
(5 replies)
load more comments
(1 replies)
How are they analyzing network traffic with Signal? It's encrypted
Not my specialty, but signals end to end encryption is akin to sealing a letter. Nobody but the sender and the recipient can open that letter.
But you still gotta send it through the mail. That's the network traffic analysis that can be used.
Here's an example of why that could be bad.
For one, ease of access. Say you’re trying to break a story, who are you going to message with signal? Because you’re going to need to get that contact info somehow right?
Snowden is permanently stranded in Russia. That’s not exactly a great example of an anonymous source.
Say you’re trying to break a story, who are you going to message with signal?
...The Guardian?
Because you’re going to need to get that contact info somehow right?
Use your browser? These are strange questions.
Snowden is permanently stranded in Russia. That’s not exactly a great example of an anonymous source.
Did you notice that I used the past tense?
Messaging protocols already resemble the frameworks that come out from time to time. And their effectiveness is due to the fact that they require a certain quota of users.
It's just a secure messaging app with a direct line to Guardian journalists. How to use 911 or special numbers when you're not feeling well.
Yeah this is insanely good
Similar to other apps, CoverDrop only provides limited protection on smartphones that are fully compromised by malware, e.g., Pegasus, which can record the screen content and user actions.
Horrible name sadly
If you want to blow the whistle on somebody and wonder if the Guardian is trustworthy I suggest you ask Julian Assange.
view more: next ›
this post was submitted on 23 Jun 2025
338 points (100.0% liked)
Technology
72764 readers
1273 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS