I dunno I’m in favor of telling businesses to shut themselves down.

None, if it’s not in a Debian repo I don’t deploy it on my stable server.

It’s not really about docker itself, I just don’t think software has married enough if it’s not packaged properly

I use Debian

Lol, we already can’t launch our own nukes, now we won’t be able to move our own troops without US approval.

Lol

Got no love for Labour Together but this seems like a workable idea.

I’m no fan of Tankies or the CCP, but I’m really not seeing any more pro-china propaganda than you see elsewhere, mostly excitement as a result of their green tech stuff or HSR (while ignoring why China has a need for HSR)

I am seeing a surprising amount of anti-china paranoia from the UK press right now that frankly seems like it’s engineered by the US given its timing. Like articles about diplomats using burner phones as if that isn’t standard (for all countries).

People should understand the limits of E2E encryption.

I’d rather be unhinged than wrong.

No encryption is largely based on encryption algorithms, security is much broader than that.

It’s a lot easier to ship 1 app with a backdoor than reconstruct messages by scanning memory.

Sure but it by necessity sends some encrypted data to the server, Wireshark isn’t going to tell you if that’s just your message or your message and additional information.

Does WhatsApp make it visible when you add a new trusted device? Does Signal?

But yeah Meta have full control of the client and it isn’t audited so they could do it a lot of ways.

UK is requiring age verification on VPNs too

Nobody is saying signal is just as bad, simply that it’s not invulnerable to this kind of attack, even with reproducible builds, especially as we don’t know how the attack works.

When is the last time you checked the linked-devices tab in signal?

I didn’t realize Signal now has reproducible builds (in my defense it didn’t when it launched)

and you can monitor outgoing traffic on your devise to see whether the signal app is sending data that it shouldn’t.

This is mostly useless as the traffic signal is sending is encrypted, so you really have to just trust the code.

creating a backdoor to access plaintext messages is still very difficult if the app is well audited

Well audited is key, this attack likely works by doing something like adding Meta to the list of trusted devices, then hiding itself from the list (either because of code in the client or because it the meta device is only added for a moment), so the backdoor wouldn’t be send_all_messages_to_hq(), it would be in the code to list trusted devices, either explicitly hiding some devices or some sort of refresh timer that’s known so you can avoid being there when the UI is updated).

Or it works through the some other mechanism that still preserves E2E encryption.

The centralized server is only important because it sends you the message to get around the encryption (either adding a new client to your list of trusted clients or in some other way getting your client to send your messages to Meta).

If we trust the keys are possessed only by the generating device, then how does the encrypted message become compromised?

Because the client is capable of adding the backdoor, it isn’t comprosing the encryption. When you add a desktop client to your Signal account it doesn’t break E2E encryption either but your messages are visible in more places. That (or something like it) is what is being described, Meta aren’t decrypting your messages as they go through their E2E network, they are tapping them client side.

deleted by creator

E2E encryption doesn’t prevent client side attacks, I misspoke when I called it a side channel attack, and ultimately Signal code is audited, so Signal is more secure, but people are mistaking a client-side exploit (sent from Meta’s servers to the WhatsApp client) with breaking E2E encryption of whatsapp, which is not what is described in the article.

Yeah a size channel attack is when a poster can’t let go of how small their dick is so talks about how great Signal is all day.