Feds Accessed Encrypted Signal Messages To Charge Oath Keepers' Leader Over Jan 6
Federal Investigators have admitted to accessing encrypted messages sent on Signal before the Capitol riots, to help charge the Oath Keepers' leader and other defendants for 'seditious plots'.
Investigators did not confirm how they accessed them, as the encryption allows only the sender and recipients to read them - even #Signal can't. One possibility is someone with access to the group messages cooperated with the authorities and handed them over.
Subscribe to RT t.me/rtnews
Federal Investigators have admitted to accessing encrypted messages sent on Signal before the Capitol riots, to help charge the Oath Keepers' leader and other defendants for 'seditious plots'.
Investigators did not confirm how they accessed them, as the encryption allows only the sender and recipients to read them - even #Signal can't. One possibility is someone with access to the group messages cooperated with the authorities and handed them over.
Subscribe to RT t.me/rtnews
Belgium wants to ban Signal
Last week, the Belgian government launched a proposal that would ban Signal.
Just over seven years ago, a Dutch court threw out the Dutch Telecommunications Data Retention Act. Under that law, telecommunication providers were obliged to retain metadata about our communications for up to two years. This did not concern the content of a message or conversation, but information about who has contact with whom. And when. And the location of the participants. It was almost inevitable that the court would invalidate this law: European judges previously declared the European Data Retention Directive invalid, and the Dutch law was its national implementation.
https://edri.org/our-work/belgium-wants-to-ban-signal-a-harbinger-of-european-policy-to-come/
#belgium #signal
Last week, the Belgian government launched a proposal that would ban Signal.
Just over seven years ago, a Dutch court threw out the Dutch Telecommunications Data Retention Act. Under that law, telecommunication providers were obliged to retain metadata about our communications for up to two years. This did not concern the content of a message or conversation, but information about who has contact with whom. And when. And the location of the participants. It was almost inevitable that the court would invalidate this law: European judges previously declared the European Data Retention Directive invalid, and the Dutch law was its national implementation.
https://edri.org/our-work/belgium-wants-to-ban-signal-a-harbinger-of-european-policy-to-come/
#belgium #signal
European Digital Rights (EDRi)
Belgium wants to ban Signal – a harbinger of European policy to come - European Digital Rights (EDRi)
Last week, the Belgian government launched a proposal that would ban Signal. What's going on?
#Signal would 'walk' from UK if Online Safety Bill undermined encryption - BBC News
https://web.archive.org/web/20230224103103/https://www.bbc.com/news/technology-64584001
#UK #Privacy #Encryption
https://web.archive.org/web/20230224103103/https://www.bbc.com/news/technology-64584001
The encrypted-messaging app Signal has said it would stop providing services in the UK if a new law undermined encryption.
If forced to weaken the privacy of its messaging system under the Online Safety Bill, the organisation "would absolutely, 100% walk" Signal president Meredith Whittaker told the BBC.
#UK #Privacy #Encryption
Media is too big
VIEW IN TELEGRAM
#Tucker #Carlson on How the #NSA Hacked His #Signal Account to Stop Him From Interviewing Putin
"Everyone's in on it. Republicans and Democrats are all in on it."
https://rumble.com/v2ck8m0-tucker-carlson-on-how-the-nsa-hacked-his-signal-account-to-stop-him-from-in.html
https://twitter.com/TheChiefNerd/status/1634322345509756930
@ChiefNerd
"Everyone's in on it. Republicans and Democrats are all in on it."
https://rumble.com/v2ck8m0-tucker-carlson-on-how-the-nsa-hacked-his-signal-account-to-stop-him-from-in.html
https://twitter.com/TheChiefNerd/status/1634322345509756930
@ChiefNerd
This media is not supported in your browser
VIEW IN TELEGRAM
KryptEY - Secure E2EE communication
An Android keyboard for secure end-to-end-encrypted messages through the Signal protocol in any messenger. Communicate securely and independent, regardless of the legal situation or whether messengers use E2EE. No server needed.
https://github.com/amnesica/KryptEY
F-Droid
https://f-droid.org/packages/com.amnesica.kryptey/
IzzyOnDroid
https://android.izzysoft.de/repo/apk/com.amnesica.kryptey
Reminder :
https://gitlab.com/fdroid/wiki/-/wikis/FAQ#how-long-does-it-take-for-my-app-to-show-up-on-website-and-client
#encryption #keyboard #E2EE
#messenger #security #Signal
An Android keyboard for secure end-to-end-encrypted messages through the Signal protocol in any messenger. Communicate securely and independent, regardless of the legal situation or whether messengers use E2EE. No server needed.
https://github.com/amnesica/KryptEY
F-Droid
https://f-droid.org/packages/com.amnesica.kryptey/
IzzyOnDroid
https://android.izzysoft.de/repo/apk/com.amnesica.kryptey
Reminder :
new apps available in F-Droid app may not emmediatly show on the F-Droid web site ( ie when you share the link app it returns a 404 error ) some extra time is needed for both to be available
https://gitlab.com/fdroid/wiki/-/wikis/FAQ#how-long-does-it-take-for-my-app-to-show-up-on-website-and-client
#encryption #keyboard #E2EE
#messenger #security #Signal
Paragon Graphite is a Pegasus spyware clone used in the US –
The #malware surreptitiously pierces the protections of modern smartphones and evades the encryption of messaging apps like #Signal or #WhatsApp, sometimes harvesting the data from cloud backups – much like Pegasus does.
#spyware #US #Clone #Pegasus #NSO #DEA #ParagonGraphite #Paragon
The US government banned the use of NSO’s Pegasus spyware 18 months ago, but a new report today says that at least one government agency is using very similar malware from a rival company: Paragon Graphite.
According to four [industry figures], the US Drug Enforcement and Administration Agency is among the top customers for Paragon’s signature product nicknamed Graphite.
The #malware surreptitiously pierces the protections of modern smartphones and evades the encryption of messaging apps like #Signal or #WhatsApp, sometimes harvesting the data from cloud backups – much like Pegasus does.
#spyware #US #Clone #Pegasus #NSO #DEA #ParagonGraphite #Paragon
Reminder : How CIA Created Signal Messenger App - GreatGameIndia – 2021
Open Whisper Systems
Signal was launched by now-defunct Open Whisper Systems (OWS) in 2013, brainchild of shadowy tech guru ‘Moxie Marlinspike’ – real name Matthew Rosenfeld.
In February 2018, responsibility for managing the app passed to the nonprofit Signal Foundation, launched with $50 million in startup capital provided by billionaire former Facebook higher-up Brian Acton, the Foundation’s executive chair.
OWS never published financial statements or disclosed the identities of its funders at any point during its operation, although the sums involved in launching and maintaining a messaging platform used by a vast number of people internationally over several years were surely significant.
#Signal #CIA
Open Whisper Systems
Signal was launched by now-defunct Open Whisper Systems (OWS) in 2013, brainchild of shadowy tech guru ‘Moxie Marlinspike’ – real name Matthew Rosenfeld.
In February 2018, responsibility for managing the app passed to the nonprofit Signal Foundation, launched with $50 million in startup capital provided by billionaire former Facebook higher-up Brian Acton, the Foundation’s executive chair.
OWS never published financial statements or disclosed the identities of its funders at any point during its operation, although the sums involved in launching and maintaining a messaging platform used by a vast number of people internationally over several years were surely significant.
#Signal #CIA
#Signal: Keep your phone number private with Signal usernames
https://signal.org/blog/phone-number-privacy-usernames/
Comments
https://signal.org/blog/phone-number-privacy-usernames/
Comments
Signal
Keep your phone number private with Signal usernames
Signal’s mission and sole focus is private communication. For years, Signal has kept your messages private, your profile information (like your name and profile photo) private, your contacts private, and your groups private – among much else. Now we’re taking…
NoGoolag
Photo
Quiet
Encrypted p2p team chat with no servers, just Tor.
https://tryquiet.org/index.html
https://github.com/TryQuiet/quiet
Currently in developpement stage so be cautious of your data
Quiet is an alternative to team chat apps like Slack, Discord, and Element that does not require trusting a central server or running one's own. In Quiet, all data syncs directly between a team's devices over Tor with no server required.
No email or phone number required, Unlike #Slack, #Discord, #WhatsApp, #Telegram, and #Signal, no email or phone number is required to create or join a #community.
End-to-end encryption, All data is #encrypted end-to-end between member devices, using Tor.
Channels, Organize chats in Slack-like channels, so conversations don't get messy.
Images, Send and receive images, with copy/paste, drag & drop, and image previews.
Files, Send and receive files of unlimited size!
Notifications, Invite links, Keyboard controls, Desktop apps
Android, Quiet works on Android, and F-Droid support is on the way.
#E2E #Chat #Quiet #Tor
Encrypted p2p team chat with no servers, just Tor.
https://tryquiet.org/index.html
https://github.com/TryQuiet/quiet
Currently in developpement stage so be cautious of your data
Quiet is an alternative to team chat apps like Slack, Discord, and Element that does not require trusting a central server or running one's own. In Quiet, all data syncs directly between a team's devices over Tor with no server required.
No email or phone number required, Unlike #Slack, #Discord, #WhatsApp, #Telegram, and #Signal, no email or phone number is required to create or join a #community.
End-to-end encryption, All data is #encrypted end-to-end between member devices, using Tor.
Channels, Organize chats in Slack-like channels, so conversations don't get messy.
Images, Send and receive images, with copy/paste, drag & drop, and image previews.
Files, Send and receive files of unlimited size!
Notifications, Invite links, Keyboard controls, Desktop apps
Android, Quiet works on Android, and F-Droid support is on the way.
#E2E #Chat #Quiet #Tor
tryquiet.org
Quiet - Private messaging. No servers.
#WhatsApp, #Signal and #Telegram among apps cut from #iPhone app store to comply with censorship demand
#China ordered #Apple to remove some of the world’s most popular chat messaging apps from its app store in the country, the latest example of censorship demands on the iPhone seller in the company’s second-biggest market.
https://www.wsj.com/tech/apple-removes-whatsapp-threads-from-china-app-store-on-government-orders-a0c02100
#China ordered #Apple to remove some of the world’s most popular chat messaging apps from its app store in the country, the latest example of censorship demands on the iPhone seller in the company’s second-biggest market.
https://www.wsj.com/tech/apple-removes-whatsapp-threads-from-china-app-store-on-government-orders-a0c02100
WSJ
Exclusive | China Orders Apple to Remove Popular Messaging Apps
WhatsApp, Signal and Telegram among apps cut from iPhone app store to comply with censorship demand.
The encrypted-messaging service #Signal is the application of choice for dissenters around the world. The app has been downloaded by more than 100 million users and boasts high-profile endorsements from NSA leaker Edward Snowden and serial entrepreneur Elon Musk. Signal has created the perception that its users, including political dissidents, can communicate with one another without fear of government interception or persecution.
But the insider history of Signal raises questions about the app’s origins and its relationship with government—in particular, with the American intelligence apparatus. Such a relationship would be troubling, given how much we have learned, in recent years, about extensive efforts to control and censor information undertaken by technology companies, sometimes in tandem with American government officials...
So what does all this mean for American users—including conservative dissidents—who believe that Signal is a secure application for communication? It means that they should be cautious. “Maher’s presence on the board of Signal is alarming,” says national security analyst J. Michael Waller. “It makes sense that a Color Revolutionary like Maher would have interest in Signal as a secure means of communicating,” he says, but her past support for censorship and apparent intelligence connections raise doubts about Signal’s trustworthiness. https://www.city-journal.org/article/signals-katherine-maher-problem
But the insider history of Signal raises questions about the app’s origins and its relationship with government—in particular, with the American intelligence apparatus. Such a relationship would be troubling, given how much we have learned, in recent years, about extensive efforts to control and censor information undertaken by technology companies, sometimes in tandem with American government officials...
So what does all this mean for American users—including conservative dissidents—who believe that Signal is a secure application for communication? It means that they should be cautious. “Maher’s presence on the board of Signal is alarming,” says national security analyst J. Michael Waller. “It makes sense that a Color Revolutionary like Maher would have interest in Signal as a secure means of communicating,” he says, but her past support for censorship and apparent intelligence connections raise doubts about Signal’s trustworthiness. https://www.city-journal.org/article/signals-katherine-maher-problem
City Journal
Signal’s Katherine Maher Problem
Is the integrity of the encrypted-messaging application compromised by its chairman of the board?
Don't install #signal app for #macOS, it is not secure.
I carried out this small experiment:
- I wrote a simple Python script that copies the directory of Signal's local storage to another location (to mimic a malicious script or app)
- I ran the script in the Terminal and got a copy of my Signal data on my Mac
- I booted a fresh macOS installation in a virtual machine
- I transferred the copy of Signal's data to the VM and placed it where Signal expects it: ~/Library/Application\ Support/Signal
- I installed Signal and started it
- Signal started and restored my session with all the chat histories 😳
- I exchanged a couple messages with a contact from the VM and it worked 😳
- Then, I started Signal on the Mac
- I got three sessions running in unison: Mac, iPhone, and VM 😳
Messages were either delivered to the Mac or to the VM. The iPhone received all messages. All of the three sessions were live and valid. Signal didn't warn me of the existence of the third session [that I cloned]. Moreover, Signal on the iPhone still shows one linked device. This is particularly dangerous because any malicious script can do the same to seize a session.
Perhaps this flaw is what makes some users think that Signal has a "backdoor" as it is easy for sophisticated attackers to target a victim who's using the Mac app and see their chats. (The same may be also true for the Windows app)
https://x.com/mysk_co/status/1809287118235070662
I carried out this small experiment:
- I wrote a simple Python script that copies the directory of Signal's local storage to another location (to mimic a malicious script or app)
- I ran the script in the Terminal and got a copy of my Signal data on my Mac
- I booted a fresh macOS installation in a virtual machine
- I transferred the copy of Signal's data to the VM and placed it where Signal expects it: ~/Library/Application\ Support/Signal
- I installed Signal and started it
- Signal started and restored my session with all the chat histories 😳
- I exchanged a couple messages with a contact from the VM and it worked 😳
- Then, I started Signal on the Mac
- I got three sessions running in unison: Mac, iPhone, and VM 😳
Messages were either delivered to the Mac or to the VM. The iPhone received all messages. All of the three sessions were live and valid. Signal didn't warn me of the existence of the third session [that I cloned]. Moreover, Signal on the iPhone still shows one linked device. This is particularly dangerous because any malicious script can do the same to seize a session.
Perhaps this flaw is what makes some users think that Signal has a "backdoor" as it is easy for sophisticated attackers to target a victim who's using the Mac app and see their chats. (The same may be also true for the Windows app)
https://x.com/mysk_co/status/1809287118235070662
#Signal under fire for storing encryption keys in plaintext
https://stackdiary.com/signal-under-fire-for-storing-encryption-keys-in-plaintext/
https://stackdiary.com/signal-under-fire-for-storing-encryption-keys-in-plaintext/
Stack Diary
Signal under fire for storing encryption keys in plaintext
Popular encrypted messaging app Signal is facing criticism over a security issue in its desktop application. Researchers and app users are raising
Signal downplays encryption key flaw, fixes it after X drama | Bleeping Computer
Signal is finally tightening its desktop client’s security by changing how it stores plain text encryption keys for the data store after downplaying the issue since 2018.
As reported by BleepingComputer in 2018, when Signal Desktop for Windows or Mac is installed, it creates an encrypted SQLite database to store a user's messages. This database is encrypted using a key generated by the program and without input from the user.
#Signal
Signal is finally tightening its desktop client’s security by changing how it stores plain text encryption keys for the data store after downplaying the issue since 2018.
As reported by BleepingComputer in 2018, when Signal Desktop for Windows or Mac is installed, it creates an encrypted SQLite database to store a user's messages. This database is encrypted using a key generated by the program and without input from the user.
#Signal