• phoneymouse@lemmy.world
    link
    fedilink
    English
    arrow-up
    130
    ·
    16 days ago

    The US Govt 5 years ago: e2e encryption is for terrorists. The govt should have backdoors.

    The US Govt now: Oh fuck, our back door got breached, everyone quick use e2e encryption asap!

    • theherk@lemmy.world
      link
      fedilink
      English
      arrow-up
      14
      ·
      16 days ago

      Different parts of the government. Both existed then and now. There has for a long time been a substantial portion of the government, especially defense and intelligence, that rely on encrypted comms and storage.

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      6
      ·
      16 days ago

      More like 23 years ago when the Patriot Act was signed, and every time it has been re-authorized/renamed since. Every President since Bush Jr. is complicit, and I’m getting most of them in the previous 70-ish years (or more) wish they could’ve had that bill as well.

    • zergtoshi@lemmy.world
      link
      fedilink
      English
      arrow-up
      13
      ·
      edit-2
      16 days ago

      Yes, like Signal!
      Which does not only use end-to-end encryption for communication, but protects meta data as well:

      Signal also uses our metadata encryption technology to protect intimate information about who is communicating with whom—we don’t know who is sending you messages, and we don’t have access to your address book or profile information. We believe that the inability to monetize encrypted data is one of the reasons that strong end-to-end encryption technology has not been widely deployed across the commercial tech industry.

      Source: https://signal.org/blog/signal-is-expensive/

      I haven’t verified that claim investigating the source code, but I’m positive others have.

  • Lost_My_Mind@lemmy.world
    link
    fedilink
    English
    arrow-up
    36
    ·
    16 days ago

    Everybodies aunt at thanksgiving:

    “I should be fine. I only trust the facebook with my information. Oh, did I tell you? We have 33 more cousins we didn’t know about. I found out on 23andme.com. All of them want to borrow money.”

  • Obinice@lemmy.world
    link
    fedilink
    English
    arrow-up
    36
    arrow-down
    1
    ·
    16 days ago

    Real encrypted apps, …or just the ones their own government can use to spy on them?

  • kingthrillgore@lemmy.ml
    link
    fedilink
    English
    arrow-up
    23
    ·
    16 days ago

    On January 20th: The cyberattack is coming from inside the house!

    Dumbfuck and his cronies now have access to PRISM and ECHELON. Again.

    • spyd3r@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      2
      ·
      15 days ago

      I use some decoder ring I found in a cereal box, it’s totally secure.

      B̷̡̡̢̧̺̩̝̤̜̪̰͖̻̗͇͓͙͍̦̹̹͚̠̲͔͕̫̤͎̳̱̦̜̖̤͙̎͌͑̂̿̋͐͂̉͜͜͜ͅe̸̺̠̰̋̐͑͒͗͑̑͂̿͑͘͠͝ ̴̡̨̢̨̨̡̯̺̤̝͇̠̯͚͇̰͈͙͍͕̖͕͖̜̹̰̗͙̈̍̄͂́͜ṣ̵̡̞̰͎̝͙͚̘̞̓̊̿̂̉͐͐̐̀̍̂́͋̏́̚͘͠͠ư̴̧̧̨̧̝͙̰̗͓͉͚͇̻͇̝͖̞͙̤͙̞͔̯͈̙̗̰̖̺̼͕͇̗̂̎̐̅͊̔͋̄̿̅̎̍͂̏͘̚ͅṛ̶͙͙͚͖̭̆̄̎̔̾͛̏̈̽͌̎͋̿̈̌̃̃͑̑̏̐̽̎̉́̊̿̆̌̕͜͝͠e̵̛̝̱͓̐̂͊̀̓̑̈́̒̓́̂̿̒̒̔͌̆͌̎͆̓͂̂̏͆̑͜͝͝ ̶̧̧̳̮̬̤̱̯͚̜̜͔̞̰̠̼̩̘͖̹͕̥͔̰͎͖̩̠͇̭̭̺̮̔͊͛̉͐͗͛͌̓̂͐̇̔̑̓̐̇̀̅̿̿̃͛̈́̔̏͛̓͂̏̕̚̕͜͠͠ͅͅͅͅţ̵͔͂̋͌̋͊͗̇ơ̷̘̱͙̝͖͍̪̗̮̫͉͖̪͉̯͙͛̋̾̑͛̇́̑̒̓͐̀̇̓͒̾͛͆̾͗̒̕̚͘͜͝ ̶̧̡̢̭̥͚̱̲̮͙̠̼͉͖̞̩̞̰̠͍̭̭͖͖̻̜͖͇̬͎̮͙̦͗͌̈̌̍̔̋̔̈́̈́̃̍̓͌͒̉̓͐̓̏̓̃̇̅́̐̃̂̚̕͜͝͝d̸̢̨̢̧̢͔͚̼̩̮͖̭̥̮͓̭͇͖̞̰̞̰̋̓̊̈́̈̐̄̆͊̈͑̓̉͝͠ͅŗ̵̲͓̠̮͉̹͍̰̟̘̄̈́̈́̂̀̆͗̔̓̔̐̀̍̓̄̾̋͋̆̈́̓͐͊͒͋͂̓̽͌̂̊͂̔͋̓͌͐̈́̓͠͝ĩ̴̛̛̝̹͓͚̦̱̰̫̌̋͌̏̒́̇̂̅̎̄͒̏̎̈͊͊̽͘̕͜͝͝͝͠n̴̨̡̡̛͚͖̼̖̦͔̬̩̝̞͔̥͖̫̮͎̻͔̪͍͖̣̻̯͉̝̜͓̐̏̾̋̂͛́̍̄̿̔͛̉̾̏̆̍͋͒̂́̽̆͐̋̈͆̊̈̈́̽̔̏̏̎̕̚͘̚͠k̴̡̭̙̼̻̟͔̏̂ ̵̨͓̺̲͇͔̪͇͓̥̰͈̲͊́̂́͋̊̀̾̌͋̉͑̍̿̆̊͐͆̏̑̑͛̾̀̀̏͆̽́͝͠ỵ̶̡̝̺̙͇̪̮͚̣̓̍̐̄̉̇̀͋̔̀̂͒̾̋͘ǫ̴͇̝̤͕̮̺̦̼̪̯̟̼̳͙̼̃̈́́͗̓̊͑́̾̈́͘̕͜͝͠ͅͅų̷̢̛̭̟̭̖̟͇̪̦̪̳̯̟̬͉̬͉͎̫͎̮̜̠͔̝̜̭̪̤͆̆͋̉̆̓̽̋̀̆̌͝r̵̨̡̳͈̝͈̖͈̻̺̮͖̻͓͓͇̩͖̬̣̪͙̗̥̯̍̍͂͂́̑ͅ ̷̢̧̢̧̛̛̖̹͉̳͚̞̟̻̮̟͙̥̥͓͙̻̩̙̈̓͆͌̈́͊́̈́̎̑͗̑̆̀̈́͆̏ͅƠ̴̛̛̱̰̬̲̼̹̬̰̮͓̜̐̔̈́̾̓͆̔͂̂͂̂̓̏̾͐͌͘̕͘͝͝͝v̴̛̤̝̹͙̩͌̾̾̒͋͐͂̍̽̈́͛̎̆̋̓̔̀́̍͑͌͌͂͆̈̚̚̚͘͜͝͝ͅå̶̡̢̹̻͙͗͒̌̓̑̋̂̉̿̌̋͋̆͋͋̈́̋̎̀͝͝ĺ̶̡̨̨̨̛̻͙̘̖͍̥̝̺͔͙̱̼͙̱̀͌̃̍́͊̉͑̐ͅt̶̡̛͎͕̥͉̙̰̫̲̺̩̘̜̖͔̝̜̤̮͙̳̻̮̠̦́̌͌̍̑̃̿̔͒͗̑̏̎̿̉̀̀͊̽̃̽͌͆̏͗͗̋̈́̔̉́̒͗̑̊͜͝ͅį̴̡̢̡̪̥͉̩̯͎̩̤̺̙̩̳̘͓̣̮̰͔̯̘̰̖̪̻͉̣̖̬̩͉̦̃̂̍͜ͅͅņ̵̡̢̧̢̯̠͍͖͔̬̜̥̗̜͈̮͖̗̺̳̱̣̟̦̗͉̮̥̏̿͒̏͆̔̀͐̉̀͗͋͐͌͒̀́̿́͗͂́̏̂͊̑̅͝͝͝͝ȩ̶̨̡̨̫͉̱͉̦̫͇̪̼̰̺̩̘̼̬̝̘̥͖͎̬̺̀̓͋̄̂̉͝͝

  • A_A@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    ·
    edit-2
    16 days ago

    What i read [and corrected] from the article :

    “The hacking campaign [group], nicknamed [ by Microsoft ] Salt Typhoon by Microsoft,
    [ this actual campaign of attacks ] is one of the largest intelligence compromises in U.S. history, and not yet fully remediated. Officials in a press call Tuesday [ 2024-12-3 ] refused to set a timetable for declaring the country’s telecommunications systems free of interlopers. Officials had previously told NBC News that China hacked AT&T, Verizon and Lumen Technologies to spy on customers.”

  • 2pt_perversion@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    ·
    edit-2
    16 days ago

    Hear me out, maybe we should update pots and sms to have optional end-to-end encryption for modern implementations as well…Optional as backwards compatible and clearly shown as unencrypted when used that way to be clear.

    • micballin@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      16 days ago

      Att won’t make money off that unless they offer it as a paid service. No reason to give that away for free and the other cell carriers can just pay off (bribe with campaign contributions) legislators to understand encryption is “too costly to implement at such a scale”

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      15 days ago

      You mean RCS?

      I’ll raise you one better: use Signal (or simplex.chat if you’re cool). Google and Apple control RCS, and carriers can still sniff metadata. Cut both groups out with a proper messenger.

  • PagingDoctorLove@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    ·
    16 days ago

    Question for more tech savvy people: should I be worried about wiping old data, and if so for which apps? Just messaging apps, or also email and social media? Or can I just use the encrypted apps moving forward?

    • kava@lemmy.world
      link
      fedilink
      English
      arrow-up
      11
      arrow-down
      1
      ·
      16 days ago

      the safest perspective to have is this -

      every single thing you send online is going to be there forever. “the cloud” is someone’s server and constitutes online. even end to end encryption isn’t necessarily going to save you.

      for example iCloud backup is encrypted. but Apple in the past has kept a copy of your encryption key on your iCloud. why? because consumers who choose to encrypt and lose their passwords are gonna freak out when all their data is effectively gone forever.

      so when FBI comes a’knocking to Apple with a subpoena… once they get access to that encryption key it doesn’t matter if you have the strongest encryption in the world

      my advice

      never ever ever write something online that you do not want everybody in the world seeing.

      to put on my tin foil hat, i believe government probably has access to methods that break modern encryptions. in theory with quantum computers it shouldn’t be difficult

      • PagingDoctorLove@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        15 days ago

        I agree with you and I don’t put anything that I would consider questionable online, at least not these days. I’m just having a hard time figuring out what adjustments to make in addition to worrying about personal things I’ve already shared, like my gender and race. You know what I mean? I’m a married woman, and I have info in various places about our family planning choices, to give an example. That’s really starting to worry me, but how can I even begin to delete my data? It’s everywhere. Every doctor has their own patient portal, I have multiple email accounts, and I don’t even want to think about the dumb shit I might have posted when YouTube comment sections were new.

        It’s all really overwhelming.

        • kava@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          15 days ago

          yeah i just try not to think about it. I’m glad I was in the myspace generation during my teenage years. so I was actually able to just delete my myspace later on as an adult

          i feel worse for the kids growing up today. they don’t fully understand the implications of what they are posting online. anything and everything is being recorded forever. my generation got a chance to be a stupid kid and have it be forgotten. today’s kids don’t get that opportunity

          the best you can do, though, is just stop posting potentially damaging things online. you can’t change what you already posted. and 999 times out of a thousand, it’s not gonna hurt you.

          i understand the overwhelmed feeling though

    • WhyJiffie@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      4
      ·
      16 days ago

      just wanted to add that deleting an app will not result in deletion of your data stored in the cloud (e.g. your emails)

      • PagingDoctorLove@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        15 days ago

        That I do know. I’m not worried about emails, or really anything specific. My online activity is pretty tame, but that’s within the context of a country with a functioning democracy that treats women like free humans. Not a surveillance state that plans to criminalize reproductive healthcare and turn women into sex slaves. I guess the problem I’m having is I don’t know how much I need to change my online habits because I have no idea how bad things are going to get.

        • WhyJiffie@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          ·
          13 days ago

          that’s great to hear. in your case not wiping emails and social media is not that much of a danger, I would assume, but I would do it anyway, even if I was not a women, just for the sake of it not being used (theoretically) for ads and such anymore. but be sure you have backed up every email and post you will delete, and storing it securely

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      3
      ·
      16 days ago

      That depends on the privacy protections where you live and the policies of each service:

      • most places in the US - they already have your data and aren’t obligated to delete it
      • outside the EU - probably the same as the US
      • the EU or select states (e.g. CA) - you have some protections and a legal obligation to honor delete requests

      For the first two, I wouldn’t bother. I personally poisoned my data with Reddit before leaving, because I’ve heard of then reversing deletions. For the third, deleting may make sense.

      But in general, I’d keep your other accounts open until you fully transition to the new one.

      Below is information when considering a replacement service.

      Anything where data is stored on a server you don’t directly control can be leaked or subpoenad from the org that owns that server. Any unencrypted communication can be intercepted, and any regular encryption (HTTPS) can be logged by that server (e.g. under court order without notifying the customer).

      Even “secure” services can be ordered to keep logs. Here’s an example from Proton mai, and here’s one involving Tutanota.

      So it depends on your threat model, or in other words, who you’re trying to keep away from your data. Just think about how screwed you might be if:

      • a hacker dumps the servers data
      • a police agency secretly orders recording of data and metadata
      • someone steals your device
      • the police confiscate your device

      The answers to the above should help you decide which to type of service you’d feel comfortable with, and what tradeoffs you’re willing to make.

      • NιƙƙιDιɱҽʂ@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        16 days ago

        Check out your old reddit account. I poisoned my data, too, then deleted it, but they restored it completely like the bastards they are. I deleted my 2F too, so it’s there forever now.

        • sugar_in_your_tea@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          3
          ·
          16 days ago

          Yup, I figured that would be the case. I “deleted” my account, so I can’t go verify, but I let it sit for a couple weeks and my poisoned posts were still there (even got a couple replies asking WTF is up w/ my comments).

          So yeah, not sure if my data is still there or not, but at least I tried.

          • Buddahriffic@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            16 days ago

            Thing is, if they have backups, even editing data doesn’t do anything. Or they could even just have it set up to only display the most recent version but still keep each edit on the db. Wouldn’t even be hard to implement. Hell, it wouldn’t even be that hard to implement a historical series of diffs so they don’t have to store the full comments for each edit if the edit is a small one.

            Like if I wanted to run a service that made it easier to find interesting data, part of that would be to flag deletes and edits as “whatever was there before has a higher chance of being interesting”.

            Once something is posted, IMO just assume that it can’t be unposted and trying to unpost it might work similarly to the Streisand effect.

            Even here. Sure, the source is open and I’d bet looking at the delete and edit functions would make it look like everything is fine. But other federated servers don’t have to run the same code and can react to delete and edit directives from other servers however they want. The main difference between this platform and Reddit in regards to control over posted information is the fediverse can’t prevent entities from accessing the data for free (albeit with less user metadata like IP and email).

            • sugar_in_your_tea@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              2
              ·
              16 days ago

              it wouldn’t even be that hard to implement a historical series of diffs

              And external services provide this as well, like those services where you can find deleted comments (or the internet archive).

              I just try to disassociate my identity as much as I can from sites like Reddit. I never used my email on Reddit, and I haven’t used mine here. I’m guessing an enterprising individual could triangulate who I am based on my posts (though I do post false information sometimes), but that’s a lot less likely than if I handed over that association (i.e. through Facebook or whatever).

              Do what you can, but yeah, assume that everything you post on the internet exists forever.

  • Imgonnatrythis@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    4
    ·
    16 days ago

    The US gov should provide us with their own encryption app to protect us and just have a backdoor only they can access so they can keep an eye on any baddies! #Igotnothingtohide #amiright #muricafuckyeah

  • OldManBOMBIN@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    4
    ·
    16 days ago

    Just stop using your electronic devices. Not like they don’t all have monitors built in already anyway. Every connected device could be sending screenshots home and we’d never know. I mean, I guess you could use something like Wireshark to monitor your home network, but something tells me nowadays there are ways around even that. I’m not a certified network tech or even a script kiddie, but I don’t trust my tech as far as my dog can throw it. I just try to secure through obfuscation as much as possible. Everyone thinks I have carbon monoxide poisoning, but it’s a small price to pay for peace of mind - even a small one.

      • OldManBOMBIN@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        2
        ·
        edit-2
        16 days ago

        I’m just saying that, unless you built the device you’re using, and you know what every component does, and you know what it’s doing when, and you know it wasn’t manufactured by a foreign state-owned manufacturer with a penchant for putting spy chips in their devices, then you can’t truly trust anything you do on it, encrypted or not. It doesn’t really matter, if the software is being encrypted by backdoored hardware.

    • SocialMediaRefugee@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      16 days ago

      Do what the Germans did in ww1 when they knew their diplomatic code was broken but couldn’t change it. They put the important stuff in plain sight and treated it like junk mail and encoded the boring stuff.

  • Bluetreefrog@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    9
    ·
    16 days ago

    Interpretation - the NSA can now crack all common encryption methods, so let’s disadvantage our adversaries at no real cost to us.

    • Lofenyy@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      3
      ·
      16 days ago

      I vaguely recall Bruce Schneier saying that there is good evidence that the NSA cannot crack certain encryption methods. At the time, RSA was on the list. Maybe common methods mean roll-your-own corporate encryption, but it’s my understanding that GNUpg and similar software are safe.