this post was submitted on 25 Jan 2024
94 points (95.2% liked)

Privacy

31939 readers
601 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

TL;DR

Don't use snapchat

all 37 comments
sorted by: hot top controversial new old
[–] [email protected] 49 points 9 months ago* (last edited 9 months ago) (4 children)

he wrote "On my way to blow up the plane (I'm a member of the Taliban)." in a private group chat on snap chat

...a private group chat. Nothing stupid like posting it on xitter or other public place.

Its a fucking in-joke. Do I need to worry about what I say to my friends now in private and worry about what my friendly local government spy would think about it... ?

All this invasion of privacy all these years and all they have to show for it are a few false positives.

[–] [email protected] 7 points 9 months ago* (last edited 9 months ago) (2 children)

Honestly I hope that this trial is swift and that the government ends up paying him for lost time and money.

On the other hand this is a really good reason to use encrypted communications

[–] [email protected] 3 points 9 months ago

He was acquitted, thankfully.

[–] [email protected] 1 points 9 months ago

And then you see the recent news about some presumably terrorists having "tails" and "signal" as evidence in their case

[–] [email protected] 5 points 9 months ago (1 children)
[–] [email protected] 6 points 9 months ago

The spying is not what suprises me, it's the prosecution. I see why the term matched, I just don't see why it would be illegal.

[–] [email protected] 3 points 9 months ago (4 children)

In general I agree, but there's no privacy on airport Wi-Fi. And very little at an airport in general.

[–] [email protected] 2 points 9 months ago* (last edited 9 months ago) (3 children)

Shouldn't it be all encrypted with SSL?

All the airport wifi could do is see the DNS requests (and the modern trend is to have DoH or DoT enabled by default, for example in the up to date versions of Android)

[–] [email protected] 10 points 9 months ago

Probably more likely to be surveillance of Snapchat.

[–] [email protected] 7 points 9 months ago (2 children)

From the article:

A court in Madrid heard it was assumed the message triggered alarm bells after being picked up via Gatwick's Wi-Fi network.

Public wifi without a VPN is like sex without a condom. The connection may not be encrypted (very risky) and even if it is, you are still susceptible to man-in-the-middle attacks: https://www.garlandtechnology.com/blog/how-to-monitor-encrypted-traffic-and-keep-your-network-secure

I guarantee there will be a flood of articles about this over the next few days because of what I quoted above.

It's also possible that one of his "friends" reported him or something like that.

[–] [email protected] 2 points 9 months ago (1 children)

Please explain to me how using Public WiFi is unsafe if the traffic is encrypted with TLS. Unless they somehow installed a keylogger on everyone connected to said Wifi and picked it up from there, the only way this was possible was on some quick text analysis and recognising the IP address from Snapchat

[–] [email protected] 1 points 9 months ago

The link I provided explains it. They can decrypt traffic through their own devices.

[–] [email protected] 1 points 9 months ago

"A key question in the case was how the message got out, considering Snapchat is an encrypted app.

One theory, raised in the trial, was that it could have been intercepted via Gatwick's Wi-Fi network. But a spokesperson for the airport told BBC News that its network "does not have that capability".

In the judge's resolution, cited by the Europa Press news agency, it was said that the message, "for unknown reasons, was captured by the security mechanisms of England when the plane was flying over French airspace"."

https://www.bbc.co.uk/news/world-europe-68099669

[–] [email protected] 5 points 9 months ago

it's probably some sort of Snapchat automatic alert detecting the words bomb or Taliban.

[–] [email protected] 2 points 9 months ago

I wouldn't expect my data to be secure, but I wouldn't expect to be prosecuted as if I had willfully made it a public statement.

[–] [email protected] 1 points 9 months ago

Snapchat gave the info to police. From BBC:

On its website, in a section titled "How We Work with Law Enforcement Authorities", Snapchat says one of its goals is to "maintain a safe and fun environment where Snapchatters are free to express themselves and stay in touch with their real friends".

It adds: "We also work to proactively escalate to law enforcement any content appearing to involve imminent threats to life, such as school shooting threats, bomb threats and missing persons cases, and respond to law enforcement's emergency requests for disclosure of data when law enforcement is handling a case involving an imminent threat to life.

[–] [email protected] 1 points 9 months ago

Yes, especially in the UK, since they're a surveillance state.

There are some things that will always get flagged on any platform. This, drugs, and connections to sanctioned countries, for example. I've heard of people in the US having their Venmo accounts suspended because they put "Havana" in the transaction description. Havana is a local dance club.

[–] [email protected] 9 points 9 months ago (1 children)

I think the most newsworthy part of this is that UK monitors private communications of British citizens. The person was making an obvious joke within a private snapchat group of his friends who knew this was a joke. There was no threat and no hoax because this was a private chat where everybody had context that this was a joke. This is what life in a dystopian surveillance state is like.

[–] [email protected] 6 points 9 months ago (1 children)

I think its likely more than the UK. Honestly I wouldn't be surprised if there was some government contractor doing the monitoring

[–] [email protected] 3 points 9 months ago (1 children)
[–] [email protected] 1 points 9 months ago

Probably as part of a new pre-screening program for employers!

[–] [email protected] 9 points 9 months ago (1 children)

You were convicted of thought crime, next time think what you.. think, punk

[–] [email protected] 3 points 9 months ago

Exactly, this is such a silly case. I think its even funnier that he was interviewed by MI6 and MI7

[–] [email protected] 7 points 9 months ago (1 children)

TL;DR

Don’t use snapchat

TIL that Snapchat is an app used in 2024 without E2EE, Wikipedia article on Snapchat :

Encryption

In January 2018, Snapchat introduced the use of end-to-end encryption in the application but only for snaps (pictures and video), according to a Snapchat security engineer presenting at the January 2019 Real World Crypto Conference.[138][139][140] As of the January 2019 conference Snapchat had plans to introduce end-to-end encryption for text messages and group chats in the future.[141]

[–] [email protected] 11 points 9 months ago (1 children)

Its also proprietary so any claim can't be trusted.

[–] [email protected] 4 points 9 months ago* (last edited 9 months ago) (1 children)

Well, doesn't matter if it's proprietary. Just need to sniff packets and you'd find out if they are encrypted or not, no?

Edit: looks like it's not E2E truly. It might be encrypted in flight, but snapchat as an entity can read anyone's messages. They have a policy to act on threats within thirty minutes and report it to the authorities. Dystopian.

[–] [email protected] 3 points 9 months ago (1 children)

It very much matters. When something is proprietary there is a, no alternatives that will function exactly the same and b, you don't know what its really doing. For all you know its detecting the sniffing and changing its behavior.

Additionally how do you know what's being sent if its encrypted.

[–] [email protected] 1 points 9 months ago (1 children)

Yeah, see my edit.

Before the edit, I just meant the technicality itself: is it actually encrypted or is it plain text? This would have mattered if the state intercepted the message somehow, spying on their citizens. But apparently they did not, because snapchat leaked the data to them in a semi-automated manner: auto-generated incident report based on filtering gets escalated to authorities.

[–] [email protected] 1 points 9 months ago

No matter what it was this is just a reminder to use Foss encrypted chats that have been validated by at least one security audit.

[–] [email protected] 7 points 9 months ago* (last edited 9 months ago) (2 children)

Probably Snapchat or the phone automatically reported something.

I don't believe the Snapshat app doesn't use TLS, nor the airport performed some sophisticated man-in-the-middle attack.

[–] [email protected] 7 points 9 months ago* (last edited 9 months ago)

Its called mass surveillance. Everything you do and say is being recorded. End to end encryption will only buy you time. (Side note: don't trust proprietary apps)

[–] [email protected] 4 points 9 months ago* (last edited 9 months ago)
[–] [email protected] 6 points 9 months ago (1 children)

This is the best summary I could come up with:


If found guilty, the university student faces a hefty bill for expenses after two Spanish Air Force jets were scrambled.

Mr Verma's message was picked up by the UK security services who flagged it to Spanish authorities while the easyJet plane was still in the air.

A court in Madrid heard it was assumed the message triggered alarm bells after being picked up via Gatwick's Wi-Fi network.

Appearing in court on Monday, Mr Verma - who is now studying economics at Bath University - said the message was "a joke in a private group setting".

He said that the plane's pilot made an announcement, telling passengers that the fighter jets had been scrambled because of a distress signal that had been sent by mistake.

Mr Verma is not facing terrorism charges or a possible jail term, but could be fined up to €22,500 (£19,300) if found guilty and the Spanish defence ministry is demanding €95,000 in expenses.


The original article contains 470 words, the summary contains 157 words. Saved 67%. I'm a bot and I'm open source!

[–] [email protected] 0 points 9 months ago

Just for anyone curious, he wrote: "On my way to blow up the plane (I'm a member of the Taliban)." in a private chat.

[–] [email protected] 5 points 9 months ago (1 children)
[–] [email protected] 3 points 9 months ago

That's a reasonable ruling. He honestly could sue if he wanted.