Comment by iamnothere
1 day ago
I have seen anti-Signal FUD all over the place since it was discovered that protesters have been coordinating on Signal.
Here’s the facts:
- Protesters have been coordinating using Signal
- Breaches of private Signal groups by journalists and counter protesters were due to poor opsec and vetting
- If the feds have an eye into those groups, it’s likely that they gained access in the same way as well as through informants (which are common)
- Signal is still known to be secure
- In terms of potential compromise, it’s much more likely for feds to use spyware like Pegasus to compromise the endpoint than for them to be able to break Signal. If NSA has a Signal vulnerability they will probably use it very sparingly and on high profile foreign targets.
- The fact that even casual third parties can break into these groups because of opsec issues shows that encryption is not a panacea. People will always make mistakes, so the fact that secure platforms exist is not a threat in itself, and legal backdoors are not needed.
The downside of opsec is that it breeds paranoia and fear about legal, civic participation. In a way, bullshit investigations like this are an intimidation tactic. What are they going to find - a bunch of Minnesotans that were mad about state-backed killings?
[flagged]
The only reason you think this is because all of your opinions are predetermined by MAGA elites.
Also the current US government think it’s secure enough for their war planning!
They actually used a hackish third party client (interesting since Signal forbids those) which stores message logs centrally, assuming it’s for required USG record keeping. Turns out that it’s possible to invite unwanted guests into your chat whether you’re a protestor or a government official. (It also appears that government contractors still write shitty software.)
Thanks. This really should be the top comment.
Feds and ICE are using Palantir ELITE.
That’s only for targeting. From what I understand ELITE does not include device compromise or eavesdropping. If feds want to compromise a device that has Signal, they would use something like Pegasus that uses exploits to deliver a spyware package, likely through SMS, Whatsapp, or spear phishing URL. (I don’t actually know which software is currently in use but it would be similar to Pegasus.)
As mentioned by someone else, they just need to take the phone of a demonstrator to access their signal groups.
https://freedom.press/digisec/blog/new-leaks-on-police-phone...
1 reply →