this post was submitted on 12 Dec 2024
227 points (96.0% liked)

Technology

60016 readers
2611 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] dsilverz@thelemmy.club 5 points 6 days ago

Such an advice coming from surveillance authorities, perhaps it's a Harvest now decrypt later strategy?

Harvest now, decrypt later, also known as store now, decrypt later or retrospective decryption, is a surveillance strategy that relies on the acquisition and long-term storage of currently unreadable encrypted data awaiting possible breakthroughs in decryption technology that would render it readable in the future - a hypothetical date referred to as Y2Q (a reference to Y2K) or Q-Day.

The most common concern is the prospect of developments in quantum computing which would allow current strong encryption algorithms to be broken at some time in the future, making it possible to decrypt any stored material that had been encrypted using those algorithms. However, the improvement in decryption technology need not be due to a quantum-cryptographic advance; any other form of attack capable of enabling decryption would be sufficient.

(Wikipedia)

The more data, the better for surveillance authorities in the future, when E2EE is somehow broken.

Maybe I'm too paranoid, but this (Harvest now decrypt later) is an ongoing known strategy.

[–] karashta@lemm.ee 74 points 1 week ago (3 children)

Showed this information to my boomer mother who then asked my also tech illiterate step father what he thought.

"We don't send sensitive information through texts."

The ignorance almost physically hurts.. Thinking that only the actual message content is important.

Or ignoring the pictures we send and the private things I talk about with my mom.

Do I think that specifically my information would be useful to China? Likely not. But I also have no idea what all is possible with that kind of information in the aggregate.

At the very least, I assume they will use it to manipulate us even more with disinformation.

[–] rottingleaf@lemmy.world 29 points 1 week ago

Easier, imagine half the strangers you've met during the day reading your messages aloud with orcish laughs and judging the pictures.

[–] JaddedFauceet@lemmy.world 11 points 1 week ago

But I also have no idea what all is possible with that kind of information in the aggregate

so does your mom and the general public. This idea and its impact is far too remote to people's day to day life.

  • "Yes, they can collect all they want, why should I care?"
  • "My data is too insignificant to be meaningful for anyone, LMAO, do you think I am some kind of a CEO?"

it may help to try coming out with a story or incident that they can relate to. then again most of the time these stories will sound like a conspiracy theory,

load more comments (1 replies)
[–] renegadespork@lemmy.jelliefrontier.net 59 points 1 week ago (9 children)

How about we just do away with unencrypted messaging all-together?

load more comments (9 replies)
[–] TheAlbatross@lemmy.blahaj.zone 42 points 1 week ago (1 children)

I'm actually really not concerned about foreign governments spying on me but I am bothered by my own government, the guys with the guns who can arrest me, doing it.

Tho I suspect if the government is recommending ways to avoid messages being intercepted, they've already cracked how to intercept them.

[–] bobs_monkey@lemm.ee 26 points 1 week ago (2 children)

What's rich is the FBI promoting WhatsApp. Yeah, not a fucking chance.

[–] pdxfed@lemmy.world 15 points 1 week ago (1 children)

Yeah we can all trust Meta, who never should have been allowed to purchase Whatsapp for antitrust reasons exactly like this. Whatsapp was innovative and very successful outside the US, rather than compete with their own decent product Facebook just absorbed them and gulped their users.

[–] foxitixation@lemmy.zip 14 points 1 week ago

That is why Signal exists.

load more comments (1 replies)
[–] Zak@lemmy.world 30 points 1 week ago (10 children)

Messages between two Apple devices are safe, and messages between two Android devices are safe, but messages between an Apple device and and Android device are vulnerable.

This is not very accurate. Some Android devices come with Google Messages, which will use Google's encrypted version of RCS if the carrier supports it. People who don't know what all of that means should not assume their messages are encrypted.

load more comments (10 replies)
[–] beejjorgensen@lemmy.sdf.org 25 points 1 week ago

The FBI also doesn't want back doors... They just want a way for law enforcement to access any encrypted messages they want to.

https://www.thesslstore.com/blog/us-senator-calls-fbi-director-dumb-stance-encryption/

[–] qwerty@discuss.tchncs.de 24 points 1 week ago* (last edited 1 week ago) (3 children)

Region locked to USA so here's a screenshot.

Full ArticleFBI warns users to encrypt text messages for cybersecurity. Here's how to do it Sunshyne Lynch Binghamton Press & Sun Bulletin

The FBI is warning phone users to encrypt their text messages, especially if you send messages between Apple and Android users.

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued a statement on Nov. 13 that hackers affiliated with People's Republic of China (PRC) were targeting "telecommunications infrastructure" in a "broad and significant cyber espionage campaign."

The hackers targeted "a limited number of individuals who are primarily involved in government or political activity," according to the statement, and stole "customer call records data" and "certain information that was subject to U.S. law enforcement requests pursuant to court orders."

Despite the FBI and CISA's continued investigation, cybersecurity officials have been unable to stop the hackers.

What text messages should be encrypted Because of the cyberattack, officials are warning smartphone users to use texting apps such as WhatsApp or Signal, as messages between Apple and Android users are not encrypted.

Messages between two Apple devices are safe, and messages between two Android devices are safe, but messages between an Apple device and and Android device are vulnerable.

Here are two text messaging apps that use end-to-end encryption. Once you've downloaded either of these apps to your smartphone, you can also link them to your desktop computers.

How to encrypt text messages with WhatsApp To ensure that messages between Apple and Android users are encrypted, you can use the text messaging app WhatsApp.

To download the app, Apple users should visit the App Store and Android users should visit the Google Play app, and download WhatsApp Messenger. The app is free to download and use.

Once you've downloaded the app, you'll need to accept the Terms and Conditions and allow the app to have certain permissions, like contacts and notifications.

Then, you'll need to select the country you live in and register a phone number you own. This phone number must be able to receive phone calls and text messages, so it cannot be a landline or toll-free number.

WhatsApp will then give you the option for a voice call or to text a code to the phone number you entered in order to verify the number.

Once the number is verified, you must put in the year you were born and your name and click "Done." After you've completed this step, you can begin texting and calling your contacts through WhatsApp.

To use this app, you must have Wi-Fi or cellular data.

How to encrypt text messages with Signal Signal is another encrypted text messaging app to ensure messages between Apple and Android users are protected.

To download the app, Apple users should visit the App Store and Android users should visit the Google Play app, and download Signal - Private Messenger. The app is free to download and use.

Once you've downloaded the app, you'll need to accept the Terms and Conditions and allow the app to have certain permissions, like contacts and notifications.

Like WhatsApp, you'll enter in a phone number that you own and is able to make calls and send and receive text messages.

Signal will text you a verification code that you'll need to enter into the app that verifies the phone number. After the number has been verified, you'll create a PIN that allows you to access your information and ensures your information is encrypted.

You'll then enter in your first and last name to create your Signal profile. After creating your profile, you can begin texting and calling through Signal. The app will show you the contacts in your phone that already have the app.

To use this app, you must have Wi-Fi or cellular data.

load more comments (3 replies)
[–] rottingleaf@lemmy.world 17 points 1 week ago (5 children)

Use Signal or XMPP+OMEMO or anything else.

Mandate social media to expose an open API and use the chat function with an OTR plugin.

The solutions are all old.

It's just interesting how it all went from promotion of corporate surveillance to comms protection when supposed corporate shills won the election.

[–] asudox@discuss.tchncs.de 3 points 1 week ago (8 children)

It would be great if XMPP were to rise again.

load more comments (8 replies)
load more comments (4 replies)
[–] TheFriar@lemm.ee 15 points 1 week ago

“Don’t let CHINA read your messages! Let Facebook!”

[–] ftbd@feddit.org 14 points 1 week ago (1 children)

Article about encryption technology that doesn't even mention the ol' reliable PGP you can use over any communication channel?

[–] jagged_circle@feddit.nl 5 points 1 week ago

User error is high with this one. Also doesn't have PFS.

But you're right it should be mentioned.

[–] 1985MustangCobra@lemmy.ca 12 points 1 week ago (3 children)

I have tried, over and over with the people i communicate with daily(family), and because i take medicine they always say "have you seen your phsyc recently?, have you taken your meds?"

[–] ouRKaoS 1 points 6 days ago

Just because you're paranoid doesn't mean you're wrong!

[–] underwire212@lemm.ee 4 points 1 week ago* (last edited 1 week ago) (2 children)

Well that would be fucking annoying as fuck lmao. Sorry you have to deal with that

For what it’s worth I’ve got a group of friends who don’t give a shit either. Like they take some weird pleasure in not using E2E communication apps and just use SMS. It takes 2 seconds to download a new app.

They can spy on me all they want, I got nuthin to hide harhar

[–] shasta@lemm.ee 2 points 6 days ago

Nothing to hide yet*. Just because you trust the current government and companies doesn't mean you always will. Data harvested now can be used against you (or your family) in the future. How will these people feel when 20 years from now they are denied medical insurance coverage because they have some data on you that proves you used to consume something that is later proven to cause a medical issue. For example, 50 years ago people didn't know that tobacco caused cancer. How would they feel if that information was used against them? What if just smoking even one cigarette increased their insurance premiums by double? These sorts of things could happen in the future. You never know how laws or economies will change, but one thing is certain: information collected on you now will never be used to your benefit, only to your detriment.

[–] 1985MustangCobra@lemmy.ca 1 points 6 days ago

yeah thats the same response "nothing to hide blah blah"

load more comments (1 replies)
[–] ThePowerOfGeek@lemmy.world 8 points 1 week ago* (last edited 1 week ago) (1 children)

~~That article may as well be sponsored by WhatsApp. Zero direct mentions of Signal, but tons pushing people to WhatsApp. That's a bit disappointing.~~

Edit: I was wrong, it does talk about Signal as well.

[–] SnotFlickerman@lemmy.blahaj.zone 21 points 1 week ago (2 children)

The second half of the article is about Signal.

It sucks they mention WhatsApp first, but I think the bigger omission is that they don't mention non-US entities or anything you can self-host and federate like Matrix.

[–] ThePowerOfGeek@lemmy.world 10 points 1 week ago* (last edited 1 week ago) (2 children)

Oh, fair enough then!

ETA: Yes, the lack of mentions of Matrix, etc are a bit disappointing. But I think Matrix is waaay outside their target democratic.

[–] weirdbeardgame@lemmy.world 8 points 1 week ago

Yeeahhh, they're talking to like Grandma who barely knows what a text message is

[–] 0x0@programming.dev 4 points 1 week ago

Their target democratic is still in the matrix.

[–] semperverus@lemmy.world 4 points 1 week ago (1 children)

Matrix isn't super private though. It's halfway there, but compared to something like XMPP, it falls short due to the fact that any instance a user federates with gets a gigantic copy of all of their metadata, and the server operator can do whatever they want with it. So all you would have to do is spin up a new host, message a target user and get them to respond, and you're done.

load more comments (1 replies)
load more comments
view more: next ›