Does that mean that other apps like signal for example have back doors?

Do criminals have a knowledge of exploits in the recommended messaging apps?

  • WhatAmLemmy@lemmy.world
    link
    fedilink
    English
    arrow-up
    45
    arrow-down
    1
    ·
    edit-2
    16 days ago

    You’re missing the #1 reason organized criminals prefer their own service. To have trusted staff who control everything — the servers, code development & deployment — whom can’t be ordered by a court to shut off access to individuals at any time, or provide metadata, eavesdrop, etc.

    The weakest link with legal services like Signal is that they can be compelled by law enforcement, the judicial system, and government… That’s an enormous risk for any organized crime operation. Even a minimal amount of metadata collection can do a lot of damage, especially if it’s analyzed over months/years, and especially when performed by an advanced persistent threat actor like a nation state.

    • MTK@lemmy.world
      link
      fedilink
      arrow-up
      16
      arrow-down
      1
      ·
      16 days ago

      I disagree, stupid self developed systems leak so much more, I think the number 1 reason is, surprise surprise, stupid people.

      Also plenty of criminals and organized crime also use standard tools like telegram (which is way worse then signal)

      • refalo@programming.dev
        link
        fedilink
        arrow-up
        20
        ·
        16 days ago

        I think you’re both right. I think the non-stupid people with successful self-developed systems simply aren’t talked about, because they don’t get caught, because they’re not stupid.

      • RonSijm@programming.dev
        link
        fedilink
        arrow-up
        4
        ·
        15 days ago

        It probably depends on the level of the criminals and organized crime groups. I saw this Youtube video a couple weeks ago that talks about the history of how organized crime groups were using encrypted communication https://www.youtube.com/watch?v=gigIOc_0PKo (And how they were honey-potted by the FBI to use an FBI-hosted service, lol)

        Organized crime groups that make 100s of millions should be capable enough to hire skilled developers and sysops to host self-managed services. At some point if they make enough money, investing in self-managed communication becomes preferable over using telegram or signal.

        • MTK@lemmy.world
          link
          fedilink
          arrow-up
          2
          arrow-down
          1
          ·
          edit-2
          15 days ago

          There are multi million companies that get hacked left and right, money does not mean intelligent security measures.

          Also, best option is the big ones, anyone who wants real security and privacy should use something that already exists. Sure, maybe not signal (even though for anything less then a state actor it is plenty) but there are plenty of self-hosted or decentralized communication apps out there.

          Anyone who builds their own app is very likely making a bad decision.

          Just a reminder that one of the most wanted man in the world by the most capable state in the world (Snowden) is using signal

    • Scoopta@programming.dev
      link
      fedilink
      arrow-up
      4
      arrow-down
      3
      ·
      16 days ago

      Theoretically signal only has your phone number and time of sign up which means theoretically it shouldn’t matter if the legal system asks them for information.

      • FizzyOrange@programming.dev
        link
        fedilink
        arrow-up
        9
        ·
        16 days ago

        … theoretically. In practice if the NSA used a secret court order that banned them from talking about it and made them update the app to reveal plaintext for one particular person, I don’t see how they could get out of that (other than by breaking the law and risking jail).

        I think the chances of that are very small though.

        • dustycups@aussie.zone
          link
          fedilink
          arrow-up
          6
          ·
          16 days ago

          There is legislation in Australia that allows precicely this. Then 5 eyes or Interpol or whatever for everyone else.

        • Scoopta@programming.dev
          link
          fedilink
          arrow-up
          2
          ·
          edit-2
          16 days ago

          …that’s a terrifying but also plausible prospect. Guess it’s a reason not to use the published app and instead build it yourself.

      • refalo@programming.dev
        link
        fedilink
        arrow-up
        9
        arrow-down
        1
        ·
        edit-2
        16 days ago

        Yea and if a nation-state knows your phone number, they can track your exact whereabouts in real-time. Let’s not pretend like we know better than them about what information matters :)

        • Scoopta@programming.dev
          link
          fedilink
          arrow-up
          2
          ·
          16 days ago

          …yeah and if they went to signal to ask about you they’re going to provide signal your phone number as it’s the only identifier they have in their system…so the nation state already had that to begin with, it isn’t sensitive info despite what it can be used for.