General > General Technical Chat
Delete WhatsApp, use Signal Private Messenger instead
<< < (15/25) > >>
rsjsouza:

--- Quote from: SVFeingold on January 13, 2021, 02:18:26 pm ---And anyway, my post was pointing that most people don't have strong enough reasons to care about encryption to learn how to verify checksums and sideload apps. Which they don't. If an easy-to-use and popular app comes along that can already do the things they want it to, AND it happens to have some good encryption, then people might eventually use it. Those who DO have strong reasons - like those you mentioned - will be much more inclined to learn those things and take those steps. They're already sold on the idea.

--- End quote ---
I agree that most people do not have much to hide and are not particularly worried about this. However, this wave of popularity came with the brash attitude of the main player Whatsapp arbitrarily changing their terms of service to share even more information with their other tainted services - that despite the Cambridge Analytica scandal swayed only a relatively small proportion of Facebook users.
RenThraysk:

--- Quote from: Halcyon on January 14, 2021, 06:51:07 pm ---
--- Quote from: RenThraysk on January 14, 2021, 12:36:51 pm ---The way adversaries get around phone locks is to make sure you are using your phone when they grab you.
I don't know either for certain. Pretty well versed (written an implementation of) the Signal protocol, but that just covers e2e.
Given Cellebrite's recent embarrassing claim of being able to access the Signal's messages using software, if the phone is unlocked. Suspect might be using whatever secure storage the OS provides.

https://signal.org/blog/cellebrite-and-clickbait/

--- End quote ---

That's not the only way, it's the easy way, but there are many phones where locks can simply be bypassed or disabled with nothing more than a few clicks of a mouse and some hardware, or you can simply extract the contents of the memory (even if it's encrypted) without ever booting up the phone or knowing the password. Other phones are brute forced (some slowly, some very quickly). That's all the detail I will (and am allowed to) go into.

Cellebrite software and tools can read the Signal database from the phone, but it doesn't extend to every version of Signal (and to my knowledge, not the latest ones). Yes it's true, if you get the PIN/password (either from the user, brute force or via some other method), then you can just view the messages on the screen. As I said, once you have physical access to a device, all bets are off.

That being said, unless you have thousands and thousands of dollars to spend, the average nerd on the street is not going to have access to these tools (and some of them can't be bought with all the money in the world unless you're a law enforcement agency).

--- End quote ---

Yeah, am kind of familiar. Companies like Grayshift and their $15,000? GrayKey hardware, though Apple supposedly patched the exploit for that.
Halcyon:

--- Quote from: RenThraysk on January 15, 2021, 12:42:09 am ---though Apple supposedly patched the exploit for that.

--- End quote ---

Suuuuure.... Apple "patched" it.  :-X
SVFeingold:
And again...same mentality.

Apple is a $2T company. They make most of their money selling hardware. One thing Apple does better than most is taking user privacy and security seriously. It's a big part of their marketing, and a big part of their appeal to a wide swath of users.

You really think they're just going to keep known exploits in their products...just in case...what, exactly? So they can steal your mac and cheese recipe? They can blackmail you for your nudes? For your sexual orientation? For what? What reason would they have to the risk their reputation? What is it that's so darn irresistible about some random person's data? Crypto enthusiasts can have some serious narcissism. Everyone thinks they're James Bond; the world's best hackers and most powerful corporations are just desperate to get at the mundane details of their lives. I just don't see it. Unless the answer is the nebulous big brother government. There's plenty of evidence of that at other companies. Not quite so much at Apple AFAIK.

There's evidence-based reasoning and then there's paranoia and conspiracy theories. I guess it's also possible my sarcasm detector is broken.  :-BROKE
Halcyon:
I can tell you for a fact that the likes of Cellebrite and Grayshift are still very much in business when it comes to modern smartphone manufactuers (including Apple) running the latest versions of their respective operating systems. I'll let you read between the lines. There is a lot of money in that industry and a lot of very smart people working there, including former engineers for big companies.

All that aisde however, don't forget these tools are designed to be purchased by government agencies, law enforcement and national security agencies in order to conduct their business. Yes, if you have enough money, you too can buy a Cellebrite licence as a private customer, however as I said earlier, even the most nerdiest nerd on the street more than likely won't have one, due to sheer cost alone. As for other products, those companies won't even deal with you unless you are a specific type of government agency, it doesn't matter how much money you have.

All I can tell you (within certain bounaries) is what I know to be true and what is already available out there in the public domain. Some of this might seem rather "CSI-esq", but believe me when I say, there is a lot of cool tech out there that most people will never lay eyes on.
Navigation
Message Index
Next page
Previous page
There was an error while thanking
Thanking...

Go to full version
Powered by SMFPacks Advanced Attachments Uploader Mod