FBXL Social

This is making the rounds re: Signal being run by activists of the US state dept for regime change


https://www.city-journal.org/article/signals-katherine-maher-problem

@feld

> U.S.-supported Color Revolutions abroad.

This is 100% Russian propaganda language and the whole article is built on this narrative 🤮

@kravietz You cannot deny that Signal's funding came from the Open Technology Fund which came out of Radio Free Asia which was operated by the CIA. This is a fact.

@feld

And?

@kravietz this is the response everyone has, and then 25 years later when all the documents go public revealing how deep and nefarious the relationship was everyone goes "how could we have not known?????"

@feld

The problem is that the article does not point to any specific surveillance or backdoor issues in Signal code which, as we all know, is open-source. It does not even point to any specific legal or organisational issues which could lead to tampering with the software. And because the author does not have any such arguments, the whole premise of the article is built on top of “look, she worked there” and the rest is left to the reader and their personal paranoias 🤷

And these references to “regime changes” and “color revolutions” only confirm the author’s own political bias and are highly insulting to everyone in these countries where people fought for their own freedom.

Adding Durov’s quote on top of that is rather ironic, as the messenger is known to cooperate with FSB requests and is completely opaque when it comes to its operations and server-side code.

@kravietz Telegram provides reproducible build instructions for both iOS and Android

Signal refuses to provide reproducible build instructions for iOS

Why?


Yes, there are technical hurdles to do reproducible builds on iOS: you need a jailbroken device or one of the unlocked phones from the security research program. But it's possible to do.

@kravietz you should pay more attention to Yasha Levine who has done extensive research on the US Govt's role in subverting internet security back to the origins of it in Vietnam. Go pick up a copy of Surveillance Valley, plenty to learn in there.

https://yasha.substack.com/p/signal-is-a-government-op-85e

@feld @kravietz Levine and a few other former Pando Daily guys have a hardon against Tor too (which does have reproducible builds.) I am really suspicious of the attacks on Tor/Signal because they never have a smoking gun just "look who made it." I can't discount them either but they feel so motivated to me like they're being paid to be attack dogs. I can't prove anything.

> [Telegram] is known to cooperate with FSB requests

Source?

I use a third-party fork of Signal called @mollyim.
I imagine I'm safe because I'm basically trusting the dev of that rather than the Signal dev. And it's all end to end encrypted so no-one's trusting the server.
Or maybe not. Maybe he hasn't audited the code before modifying it.

> the project was actually a State Department-connected initiative that planned to wield open source Internet projects made by hacker communities as tools for American foreign policy goals”—including by empowering “activists [and] parties opposed to governments that the USA doesn’t like.” Whatever the merits of such efforts,

The enemy of my enemy is my temporary ally.

Do they provide reproducible build instructions for Android?

What do you think of SimpleX Chat?

There are no global identifiers and it’s decentralised so the metadata privacy should be good. The creator is suspicious of CRYSTALS-Kyber so he used sntrup761 instead for PQC. And it’s possible to switch servers smoothly if you get kicked from one or there’s a problem with it.

Telegram's Durov:

> An alarming number of important people I’ve spoken to remarked that their “private” Signal messages had been exploited against them in US courts or media. But whenever somebody raises doubt about their encryption, Signal’s typical response is “we are open source so anyone can verify that everything is all right”.

@kravietz @feld I wonder if people could fight for their own freedom while also being manipulated by propaganda and acting in a way that benefits foreign interests.

@Hyolobrika

Many. Good summary:

> Matsapulina’s case is hardly an isolated one, though it is especially unsettling. Over the past year, numerous dissidents across Russia have found their Telegram accounts seemingly monitored or compromised. Hundreds have had their Telegram activity wielded against them in criminal cases. Perhaps most disturbingly, some activists have found their “secret chats”—Telegram’s purportedly ironclad, end-to-end encrypted feature—behaving strangely, in ways that suggest an unwelcome third party might be eavesdropping. These cases have set off a swirl of conspiracy theories, paranoia, and speculation among dissidents, whose trust in Telegram has plummeted. In many cases, it’s impossible to tell what’s really happening to people’s accounts—whether spyware or Kremlin informants have been used to break in, through no particular fault of the company; whether Telegram really is cooperating with Moscow; or whether it’s such an inherently unsafe platform that the latter is merely what appears to be going on.

https://www.wired.com/story/the-kremlin-has-entered-the-chat/

The main problem with Telegram is lack of E2EE by default, you have to specifically set these “secure chats” and it’s burdensome enough to discourage users from doing it. And the above paragraph talks about these “secure” chats being compromised.

@feld

@sun @kravietz @feld signal just freaks me out a little bit because you need to sign up with your phone number. Session is the better choice if you're looking for privacy. They literally can't give out that information because they don't have it, whereas Signal has complied with orders and given numbers before iirc. Could just use a burner phone or something but, you know, still.

Tor is funded by the government but they use it too, it's in their best interest to keep it as safe as it is. They don't need to do anything crazy to catch people with bad opsec (dread pirate Roberts for instance) and most of the time they're just using honeypots anyway (like those "hire a hitman" services), not that the network itself is compromised. As long as you don't have an entire string of government connections then you're good, and if you're really concerned then you can always use a new connection on every site. Someone going to those lengths probably has a lot more shit they need to worry about lol.

@beardalaxy @kravietz @feld if you actually need Tor security you need to run a bridge in your home at all times and attach to that so that your traffic cannot be correlated via connection time. This is how the police caught a guy at Harvard making a bomb threat.

@Hyolobrika @kravietz @feld
Not what you ask for, but my reason not to trust it:
https://social.librem.one/@m0xee/112529843691683740
No hard proof, it's only indirect, but after that PR-stunt campaign of attempting to block it and failing to do so, Telegram is one IM that I, being Russian, trust the least.

@Hyolobrika @kravietz @feld
To be fair — I don't trust Signal either, anything that uses phone numbers is a hard pass in my book as I can never trust cell carrier in Russia.
But double-ratchet that was pioneered in Signal was adopted in Matrix, XMPP with OMEMO and a plethora of other messengers, there is no reason to use Signal itself 🤷

@thatguyoverthere @kravietz @feld
They might be, but in this case it might be simply impossible to tell, what part of it is being manipulated and what comes of acting on their own accord. It might sound absurd, but for people living in non-free regimes, CIA might be way more trustworthy than any domestic entity. CIA (and their friends belonging to other states) might indeed be skilled manipulators, but it doesn't mean that people would do whatever they want.

@thatguyoverthere @kravietz @feld
Imagine me fighting for trans rights (just for the sake of example) — CIA probably might think of just using this agenda to undermine local government, but would it be my motivation? No, I genuinely believe what I fight for. Would I do this to undermine my own government — when it comes to non-free countries, my answer would probably also be "yes". Do I do this to hurt my own people? CIA doesn't really care, but me — I probably don't want that.

@thatguyoverthere @kravietz @feld
So does it matter if CIA was involved?
Of course shit might ALWAYS go sideways — TP AJAX something-something. But did CIA want THIS outcome? Probably not — it became a total clusterfuck, no matter the angle you look at it. But this only proves once again that not everything goes according to their plan — they are also not always in control.

@thatguyoverthere @kravietz @feld
The real question is: if I'm someone who is willing to cooperate with CIA and I'm actually capable with their help of achieving success — who is using whom? And the second one: if someone so capable prefers to work with foreign government rather than pursuing public policy career in their own, is such a state/government even worth preserving?

@feld
Yes, I'm aware of presence leak in multi-user rooms, I think this existed for years — would be great if they fixed that, but I'm not really concerned as I'm not using them 🤷

Aren't private chats in Matrix basically encrypted multi-user rooms between two people?
I ask because you can easily "upgrade" a two-person room to a multi-person room.

@Hyolobrika @feld
They are, but whom would it leak the status to in this case? There is your server and the server the other party is on — both are already aware of your presence 😆
The way I understand it, it sends out your status to all participants of group chats even to the sessions that no one verified explicitly or implicitly — if one of the participants is compromised, it could be used to track when you go online.

@Hyolobrika @feld
The problem was already blown out of proportion as it is, but in case with 1 on 1 chats it's not even relevant.
Besides, I think they have already implemented a "sort of" fix for that: "Never send encrypted messages to unverified sessions in this room from this session" in room settings is just that, but it's not perfect as you have to enable it for each of your sessions individually.

@m0xee @kravietz @feld yeah to me it seems more sun tzu use the enemies inertia against them than some kind of direct mind control. Pushing someone satisfied with the status quo to weaken it is much harder than using people who are already disgruntled.

@m0xee @kravietz @feld I think both sides could be using each other, but I think it's a lot easier for an individual or small group to be taken advantage of than the intelligence community.

@thatguyoverthere @kravietz @feld
Yes, but as individuals become leaders of movements, they get more ambitious and harder to keep on the leash. E.g. it was discovered that Lech Wałęsa had ties with domestic intelligence — if anyone is surprised, it's not me 🤷 In the end it was him who had the last laugh: it was him who fucked the system over and succeeded, not the other way around as it usually happens, so who am I to judge?

@thatguyoverthere @kravietz @feld
And when it's foreign intelligence, it's even less control and I'm pretty sure that a lot of the money they are pouring into it might be yielding no return at all and goes into drugs and cheap booze for "very perspective" young political activists, journalists, some — probably into more expensive booze for professors of who-the-fuck-knows-what from a plethora of high-brow think tanks 😂

@thatguyoverthere @kravietz @feld
When it comes to CIA involvement, on one hand I understand where this is coming from, it's American guilty conscience speaking: "It was us who ruined their country!", on the other — it denies people in other countries their free will. It's like you said — not direct mind control, more like favouring one party over the other, but if tipping the balance of scales can result in collapse, this means that society is already in an unhealthy state.

@thatguyoverthere @kravietz @feld
Were any of these countries that are often attributed to be "ruined by CIA" ever prosperous? There are particularly funny cases, such as Iraq. I've been rewatching Vice recently — not a bad movie of course, very entertaining and well-made, but it's implied throughout the movie: "They did it for the oil!" Now let's take a look into who is mining oil in Iraq: https://en.wikipedia.org/wiki/Petroleum_industry_in_Iraq#Service_contracts_licensing_results

@thatguyoverthere @kravietz @feld
OMG, European companies are there too, but it's not only them: China, Turkey — those who can't be suspected to be US' lapdog; but there is more — Russia, one of the most vocal critics!
I mean — yep, US involvement didn't bring any good, that is for sure. Debatably, that was a dirty political game and some Americans are willing to take the blame, but if they indeed "did it for the oil", apparently, they did a rather shitty job.

@thatguyoverthere @kravietz @feld
I can keep going about these things forever, but my position is: their intent might be evil, and it indeed might be there, they might be even imagining themselves as puppeteers running the whole world, but real efficiency of this foreign influence thing is hard to measure and overall questionable.
Besides, we have our case in point — Iran.

@thatguyoverthere @kravietz @feld
It wasn't heaven on earth, so-called Middle East was never land of the free — but considering the region and time, it was a rather liberal country — mostly secular. And it turned into a theocratic hell hole. I don't have anything against religion when it's people's personal beliefs and even against organised religion to a degree, but not when it becomes an aide for some group to stay in power indefinitely.

@thatguyoverthere @kravietz @feld
And it's not some conspiracy, it's all public, and everyone — including those in CIA, have this example right in front of them. What happens when you sow chaos for the sake of sowing chaos, hoping that you would be somehow able to take control over it later. So they have to think twice about it.

I don't really see how it could be fixed in any case. How can you send a presence notification to a participant in a chat without also notifying the server they are on? Even if it's encrypted it will still indicate that you are online.
Or is the problem that notifications are being sent automatically without the user's knowledge?

Right. I was thinking about the bug mentioned in the gist that room joins are unauthenticated and therefore a server can maliciously add users to spy on the participants.

The top company there by gross income is American. The second is British.

@Hyolobrika @kravietz @feld @thatguyoverthere
Fair point, but the share of all US companies is not an order of magnitude greater than the combined share of Russian oil producers, IIRC it's not even two times greater — the numbers are comparable. And yet "Powell shaking the vial at UN" is a major propaganda talking point here. So it would be like you've robbed some guy, and me being like: "Okay, I'll take my share of course, but you're such a bastard for robbing that poor fella!"😏

@Hyolobrika @kravietz @feld @thatguyoverthere
If they indeed "did it for the oil" — it would be wise to "protect the investments" and make sure others can't join the party, at least not on this scale. Of course we can delve further into conspiracy and suspect that letting Russian companies in was in fact according to the plan — to whitewash the US foreign influence operation. But if that is the case — US intelligence community is hands down too competent.

@Hyolobrika @kravietz @feld @thatguyoverthere
Resistance is futile — if it were KGB/GRU, they would've fucked up at least twice on every stage of the operation.
More likely scenario IMO is that however bad it is, this operation was part genuine concern of the situation in the region, part dirty political games (i.e. certain people acting for their own political gain, not as state actor) and part incompetence — bad intel, etc-etc.

@Hyolobrika @kravietz @feld @thatguyoverthere
If oil was involved in the decision making it wasn't the primary motivation. But when it was done — oil production companies just started filling the void, companies from all around the world, including countries that never approved of the whole thing — just not to be "too late to the party", so did the US companies — not because they were *enabled* to act.

@m0xee @kravietz @feld I consider what they've done to America itself to be ruinous. Whether or not they are successful in their tampering abroad they've done an enormous amount of damage here.

@thatguyoverthere @kravietz @feld

Finding Ministry CD brought this thread back in memory.

I mean yeah, I'm pretty sure it had very bad effects domestically, but me simply agreeing with you on this would be a hypocrisy — I'm not a US citizen so it's hard for me to assess the extent of it. My point is that "US did it for the oil" — is a gross oversimplification, and it does neither party justice.

@thatguyoverthere @kravietz @feld
It's not some uncontrollable process, not some natural occurrence "US always does it" — these decisions have people behind them, these people have names, the movie explores this topic really well by the way. And these people can be held responsible.
But it's not like on the other end there are noble barbarians living in mud huts, having the time of their lives, but then US came and ruined the idyllic livelihoods — no, far from it!

@thatguyoverthere @kravietz @feld
There very often are equal assholes in power, they don't have the resources of US, but they also aren't subject to international scrutiny, and the freedom of press isn't even remotely close to that of the US. People hate their own governments — and very often rightfully so! No surprise that some would rather have US involved than die in the darkness or authoritarian regime fighting all that shit alone.

@thatguyoverthere @kravietz @feld
Or worse: until some undemocratic regime has fallen out of favour, US might be even assisting the local motherfucker in charge.