Secure Messaging is a new innovation for confidential story-sharing and source protection, underpinning the Guardian’s commitment to investigative journalism. The Guardian has published the open source code for this important tech to enable adoption by other media organisations.
Because analysing network traffic wouldn’t allow an adversary to see what you’re sending with Signal, but they could still tell you’re sendig a secure message.
What the Guardian is doing is hiding that secure chat traffic inside the Guardian app, so packet sniffing would only show you’re accessing news.
analysing network traffic wouldn’t allow an adversary to see what you’re sending with Signal
How are they analyzing network traffic with Signal? It’s encrypted. And why does it matter if they know you’re sending a message? Literally everyone using Signal is sending a message.
Sources for what, exactly? What is “fantasming”? The title of the article you posted is “Criminalization of encryption”. The Guardian is using encryption to send messages, so why would they be exempt? In fact, why would any internet use at all not be criminalized? It’s all encrypted.
So you read the title and you know everything.
There is a liste of what they are accusing and their is no mention of internet
The elements of the investigation that have been communicated to us are staggering. Here are just some of the practices that are being misused as evidence of terrorist behavior6:
– the use of applications such as Signal, WhatsApp, Wire, Silence or ProtonMail to encrypt communications ;
– using Internet privacy tools such as VPN, Tor or Tails7 ;
– protecting ourselves against the exploitation of our personal data by GAFAM via services such as /e/OS, LineageOS, F-Droid ;
– encrypting digital media;
– organizing and participating in digital hygiene training sessions;
– simple possession of technical documentation.
But continue to invent reality. What are fact if not debatable point of view ?
That the end for me.
Have a great day.
Except that signal is blocked by many companies Mobile Device Management. The one that don’t can typically see who has the app installed. This provides a new clever way to maybe whistleblow
Here’s a relevant stack exchange question.
Regarding what an ISP can learn. Of note, everybody is ceding that the ISP can tell you’re using signal, and they’ve moved on to whether or not they’d be able to fingerprint your usage patterns.
Packet data has headers that can identify where it’s coming from and where it’s going to. The contents of the packet can be securely encrypted, but destination is not. So long as you know which IPs Signal’s servers use (which is public information), it’s trivial to know when a device is sending/receiving messages with Signal.
This is also why something like Tor manages to circumvent packet sniffing, it’s impossible to know the actual destination because that’s part of the encrypted payload that a different node will decrypt and forward.
Wouldn’t you have to have some sort of MITM to be able to inspect that traffic?
That, or a court order telling your ISP or mobile operator to allow the sniffing. Or just the police wanting to snoop your stuff because they can. Not every country cares about individual or human rights, you know
Yes, the guardian app allows you to send encrypted messages through their app to their journalists. 100,000 people check the news, one person is whistleblowing. That one person’s messaging traffic is mixed in with the regular news data, so it’s not possible to tell which of those 100,000 people are the source. Signal messages travel through their servers, so anyone inspecting packets can see who is sending messages through signal, just not what the messages contain. Thats a big red arrow pointing to only people sending encrypted messages. With this implementation, those people are mixed in with everyone else just reading news or even just having the app on their device.
How exactly do you think encryption prevents the analysis of seeing when an encrypted message is sent? It feels like you’re trying to hand-waive away by saying “encryption means you’re good!”
Cyber security is not my thing, but my understanding is that you’d still see network traffic - you just wouldn’t know what it says.
Because analysing network traffic wouldn’t allow an adversary to see what you’re sending with Signal, but they could still tell you’re sendig a secure message.
What the Guardian is doing is hiding that secure chat traffic inside the Guardian app, so packet sniffing would only show you’re accessing news.
I downloaded the guardian app and couldn’t find the option.
How are they analyzing network traffic with Signal? It’s encrypted. And why does it matter if they know you’re sending a message? Literally everyone using Signal is sending a message.
Not my specialty, but signals end to end encryption is akin to sealing a letter. Nobody but the sender and the recipient can open that letter.
But you still gotta send it through the mail. That’s the network traffic analysis that can be used.
Here’s an example of why that could be bad.
Using an encrypted messaging app could itself be a red flag, using a news app is normal behavior.
It isn’t.
https://www.laquadrature.net/en/2023/06/05/criminalization-of-encryption-the-8-december-case/
For France, Your a terroriste if you use signal
Then you’re a terrorist if you use the internet, period
Nearly all internet traffic if encrypted, and for plain browser traffic it’s probably in the 95+%
You access your bank? Terrorist! Email? Terrorist! Lemmy? Terrorist!
I dunno, I am not the French state. I can only see that they think the usage of signal is making you a terrorist.
Then you’re also a terrorist if you use The Guardian 🤷♂️
I dont’ know, do you have sources about this ? Or are you imagining thing and deciding it is true ?
Sources for what, exactly? What is “fantasming”? The title of the article you posted is “Criminalization of encryption”. The Guardian is using encryption to send messages, so why would they be exempt? In fact, why would any internet use at all not be criminalized? It’s all encrypted.
So you read the title and you know everything. There is a liste of what they are accusing and their is no mention of internet
The elements of the investigation that have been communicated to us are staggering. Here are just some of the practices that are being misused as evidence of terrorist behavior6:
– the use of applications such as Signal, WhatsApp, Wire, Silence or ProtonMail to encrypt communications ;
– using Internet privacy tools such as VPN, Tor or Tails7 ;
– protecting ourselves against the exploitation of our personal data by GAFAM via services such as /e/OS, LineageOS, F-Droid ;
– encrypting digital media;
– organizing and participating in digital hygiene training sessions;
– simple possession of technical documentation.
But continue to invent reality. What are fact if not debatable point of view ? That the end for me. Have a great day.
It’s a red flag to those who think you’re going to share internal info.
Or it’s just a perfectly normal thing that billions of people do every day?
Except that signal is blocked by many companies Mobile Device Management. The one that don’t can typically see who has the app installed. This provides a new clever way to maybe whistleblow
Use a different device? Use Molly? Use any number of other apps? What’s to stop the MDM from blocking The Guardian app?
Timing of messages. They can’t tell what you send, but can tell when
No they can’t.
E: if someone wants to provide evidence to the contrary instead of just downvoting and moving on, please, go ahead.
Here’s a relevant stack exchange question. Regarding what an ISP can learn. Of note, everybody is ceding that the ISP can tell you’re using signal, and they’ve moved on to whether or not they’d be able to fingerprint your usage patterns.
It’s called traffic analysis
It’s called encryption
Packet data has headers that can identify where it’s coming from and where it’s going to. The contents of the packet can be securely encrypted, but destination is not. So long as you know which IPs Signal’s servers use (which is public information), it’s trivial to know when a device is sending/receiving messages with Signal.
This is also why something like Tor manages to circumvent packet sniffing, it’s impossible to know the actual destination because that’s part of the encrypted payload that a different node will decrypt and forward.
Wouldn’t you have to have some sort of MITM to be able to inspect that traffic?
TOR is what their already-existing tip tool uses.
That, or a court order telling your ISP or mobile operator to allow the sniffing. Or just the police wanting to snoop your stuff because they can. Not every country cares about individual or human rights, you know
Yes, but tor can be blocked at a firewall level, its packets are easy to identify. “Nations like China, Iran, Belarus, North Korea, and Russia have implemented measures to block or penalize Tor usage”
Would you? Are the headers encrypted?
You mean like your workplace wifi that you’re blowing the whistle at?
Removed by mod
The entire point of the article in the OP is that you can send secured messages with The Guardian app. 🤦♂️
Yes, the guardian app allows you to send encrypted messages through their app to their journalists. 100,000 people check the news, one person is whistleblowing. That one person’s messaging traffic is mixed in with the regular news data, so it’s not possible to tell which of those 100,000 people are the source. Signal messages travel through their servers, so anyone inspecting packets can see who is sending messages through signal, just not what the messages contain. Thats a big red arrow pointing to only people sending encrypted messages. With this implementation, those people are mixed in with everyone else just reading news or even just having the app on their device.
How exactly do you think encryption prevents the analysis of seeing when an encrypted message is sent? It feels like you’re trying to hand-waive away by saying “encryption means you’re good!”
Cyber security is not my thing, but my understanding is that you’d still see network traffic - you just wouldn’t know what it says.
I run a cryptography forum
Encryption doesn’t hide data sizes unless you take extra steps