this post was submitted on 21 Nov 2023
22 points (95.8% liked)

privacy

364 readers
1 users here now

Rules (WIP)

  1. No ad hominem allowed
  2. Attack the idea, not the poster

founded 1 year ago
MODERATORS
 

the White House has, for the past decade, provided more than $6 million to the program, which allows the targeting of the records of any calls that use AT&T’s infrastructure

the program takes advantage of numerous “loopholes” in federal privacy law

the DAS program has been used to produce location information on criminal suspects and their known associates, a practice deemed unconstitutional without a warrant

(This website is a bit annoying.)

top 11 comments
sorted by: hot top controversial new old
[–] [email protected] 5 points 11 months ago (2 children)

This is why I push others towards Signal for communication. Only myself and them will have record of what was said and I make them disappear after 4 weeks.

[–] [email protected] 3 points 11 months ago (2 children)

Yeah but can you trust the people you talk with not to install shitty stupid apps, or click on stupid links that compromise their device that then lead to accesa to your measages and phone number?

[–] [email protected] 2 points 11 months ago

That’s a great question to ask! The biggest weakness of any “mathematically private” communication channel is not mathematical, but simply humans (users): Alice, Bob, and also the channel itself implemented by a human coder Chris.

While we don’t need to be paranoid but as a matter of fact, even assuming Alice does everything right, Bob may be sloppy, saving decrypted plain text in a random place (even uploading his own secret key to “cloud” or something, assuming it’s good idea to have a back-up of important files). Also the channel might have a hidden backdoor, perhaps side-channel, unknown to Chris.

It seems important to be aware of these possible human factors.

Also there is this big problem of metadata (this AT&T thing seems to be also largely about metadata).

[Additionally, though less importantly, most cryptography is based on unproven mathematical conjectures, like y=f(x) is easy to compute but it’s hard to get x from y. Which may be relevant when the one-wayness is based on the difficulty of factorization as in RSA.]

[–] [email protected] 1 points 11 months ago (1 children)

Yeah but can you trust the people you talk with not to install shitty stupid apps

You can't, but the threat exists regardless of what service you use.

Regarding my phone number being leaked, I'm okay with that risk. It's relatively easy to ignore/block unknown contacts and I'm not in any threat should someone discover it. For anyone who absolutely needs anonymity, they may want to wait until user names are rolled out and use another service for now.

[–] [email protected] 2 points 11 months ago (2 children)

For anyone who absolutely needs anonymity, simplex may already be better.

[–] [email protected] 2 points 11 months ago (1 children)

While I agree with your statement in general, I think its still early and dangerous to be recommending simplex as a viable alternative. It hasn't stood the test of time nor been independently audited. I'm keeping my eye on it as it seems like a viable alternative, but I'd hesitate to recommend it to anyone who may be at risk.

[–] [email protected] 4 points 11 months ago

Hence the "may already..." depending on use case obviously. You can't really recommend anything to someone who may be at risk, certainly not Signal. Not that I have anything against Signal (I use it daily and have been for years) but anonymous it isn't, not in big part of the world anyway.

[–] [email protected] 2 points 11 months ago* (last edited 11 months ago)

What’s important when you’d like to have absolute privacy or anonymity is, to realize that you can’t. “Use this, and no one can read your message.” is a typical mistake. “This service is world most secure” etc. is just a lie. Anyone who claims that privacy can be simple/easy is either a liar or doesn’t know what they’re talking about.

A rare example of honest/true statements, on the other hand, can be seen on the Cock.li website: http://rurcblzhmdk22kttfkel2zduhyu3r6to7knyc7wiorzrx5gw4c3lftad.onion/

How can I trust you?

You can't.

In this specific case about the US, though, what’s most important is obviously to somehow stop this unconstitutional surveillance by the government (only making AT&T happy and rich). Please, don’t waste a lot of money to invade normal people’s privacy when you already have trillions of debts 😢

[–] [email protected] 2 points 11 months ago* (last edited 11 months ago)

Just now (~ 1 hr ago), EFF also recommended Signal.

https://ssd.eff.org/module/how-to-use-signal How to: Use Signal | Surveillance Self-Defense Last Reviewed: October 31, 2023

Signal is a free and open-source application for Android, iOS, and desktop that employs end-to-end encryption to keep communications safe. Signal has certified to courts that it only maintains two types of user data available to law enforcement: timestamps of when each account was created and the date that each account last connected to the Signal service.

(I also agree with you about simplex, still too early and iffy.)

[–] [email protected] 0 points 11 months ago (1 children)
[–] [email protected] 2 points 11 months ago* (last edited 11 months ago)

That is even more annoying and worse for privacy (reCaptcha)!

The linked website is not paywalled. Just click the chevron (V) to hide the annoying thing, or simply disable CSS:

On Tor Browser, LibreWolf, or normal (less privacy-oriented) Firefox:

  • View → Page Style → No Style
  • On keyboard: [Alt], [V], [Y], [Enter]

PS: If you don’t want to open it directly, do this search and use ANONYM ÖFFNEN (much cleaner: many annoying things auto-filtered + they can’t see your IP)

https://metager.de/meta/meta.ger3?eingabe=Secretive%20White%20House%20Surveillance%20Program%20Gives%20Cops%20Access%20to%20Trillions%20of%20US%20Phone%20Records