Scrutable

Via this tweet, if I'm reading this right, the EU Council of Ministers want security services to have backdoor keys to WhatsApp etc. in light of the recent terrorist attacks. I'm in two minds about this sort of thing - I want authorities to more easily prevent terrorism and organised crime, but also want ordinary citizens to communicate privately.

Ministers in various places keep demanding that sort of thing. WhatsApp got shut down in Brazil a few times when I was there because of some geriatric judge making similar demands and being ignored.

It's technologically impossible to have a backdoor to end-to-end encryption, which is the whole f.cking point of it, and it would be nice if ministers could do a modicum of research before making moronic requests.

Something I've wondered is: If WhatsApp is as secure as they claim, why do the people who are really concerned about secrecy (including terrorists) all seem to use Telegram?

Telegram has some additional features, like self-destructing messages that leave no trace on end-user devices and intermediate servers. Plus, nobody really trusts facebook with anything privacy related.

Bird on a Fire wrote: Mon Nov 09, 2020 10:51 am Telegram has some additional features, like self-destructing messages that leave no trace on end-user devices and intermediate servers. Plus, nobody really trusts facebook with anything privacy related.

Makes sense, ta. Although as I found out when I reinstalled the app, WhatsApp doesn't seem to store a lot on its servers either. At least, nothing they're prepared to give back to the user who put it there.

The whole backdoor-v-security thing is like the irresistible force and the unmoveable object. What people really want is a backdoor into *other people's* communications.

I read an interesting article a while back on biometric passports. Apparently they are genuinely making it hard for spy agencies, including the ones that are at least notionally on our side, because it is now much harder for a person to travel around the world with fake identities now that the terminal in the airport has access to a system that can call up the fingerprint records. (I think the strangest thing for me about the article was that there still are physical spies travelling round the world.)

Are potential terrorists really so thick as to use social media for plotting their attacks? Many years ago my (ahem) friend just had a g-mail account that a few people knew the address to and just kept all the messages in the draft box. Never sent, never seen.

veravista wrote: Mon Nov 09, 2020 11:36 am Are potential terrorists really so thick as to use social media for plotting their attacks? Many years ago my (ahem) friend just had a g-mail account that a few people knew the address to and just kept all the messages in the draft box. Never sent, never seen.

That's less secure than end-to-end encryption. The data still goes to google's servers so can still be read by Five Eyes powers, google algorithms and employees and possibly others.

Does whatsapp even count as social media? It's a messaging service that doesn't post things publicly, a bit like texting (but more secure).

veravista wrote: Mon Nov 09, 2020 11:36 am Are potential terrorists really so thick as to use social media for plotting their attacks? Many years ago my (ahem) friend just had a g-mail account that a few people knew the address to and just kept all the messages in the draft box. Never sent, never seen.

I read a long time ago that the 9/11 attackers used this technique. Just been trying to find a link but can't find one and now I'm worried my searches have put me on someone's list so I'll leave it at that.

Brightonian wrote: Mon Nov 09, 2020 12:16 pm

veravista wrote: Mon Nov 09, 2020 11:36 am Are potential terrorists really so thick as to use social media for plotting their attacks? Many years ago my (ahem) friend just had a g-mail account that a few people knew the address to and just kept all the messages in the draft box. Never sent, never seen.

I read a long time ago that the 9/11 attackers used this technique. Just been trying to find a link but can't find one and now I'm worried my searches have put me on someone's list so I'll leave it at that.

Petreus tried to use that with his paramour. That's how they got found out.

The Fertiliser bomb plot chaps used an open word document on a laptop that they passed between each other in the same room and deleted each line after they had read to avoid being bugged. Obviously the rest of their security wasn't as good as they all got rolled up fairly quickly

Is nobody else intrigued by the fact that veravista is apparently friends with a load of terrorists?

OneOffDave wrote: Mon Nov 09, 2020 2:27 pm The Fertiliser bomb plot chaps used an open word document on a laptop that they passed between each other in the same room and deleted each line after they had read to avoid being bugged. Obviously the rest of their security wasn't as good as they all got rolled up fairly quickly

Given that Word writes temporary files to disk, so that it can recover documents in case of a crash, this isn't the best idea.

Notepad, OTOH.

veravista wrote: Mon Nov 09, 2020 11:36 am Are potential terrorists really so thick as to use social media for plotting their attacks?

Yes, totally. A lot of them really aren’t very smart.

Bird on a Fire wrote: Mon Nov 09, 2020 4:24 pm Is nobody else intrigued by the fact that veravista is apparently friends with a load of terrorists?

I mean a good proportion of this forum are actually supervillains of one sort or another, so no, not really

EACLucifer wrote: Mon Nov 09, 2020 6:56 pm

Bird on a Fire wrote: Mon Nov 09, 2020 4:24 pm Is nobody else intrigued by the fact that veravista is apparently friends with a load of terrorists?

I mean a good proportion of this forum are actually supervillains of one sort or another, so no, not really

As the old saying goes, if you don't know who the mark is, then its you.

dyqik wrote: Mon Nov 09, 2020 5:48 pm

OneOffDave wrote: Mon Nov 09, 2020 2:27 pm The Fertiliser bomb plot chaps used an open word document on a laptop that they passed between each other in the same room and deleted each line after they had read to avoid being bugged. Obviously the rest of their security wasn't as good as they all got rolled up fairly quickly

Given that Word writes temporary files to disk, so that it can recover documents in case of a crash, this isn't the best idea.

Notepad, OTOH.

Or an encrypted hard drive (I assume Windows supports full-disk encryption?)

Probably best not to use Word Online, though.

Bird on a Fire wrote: Mon Nov 09, 2020 7:59 pm

dyqik wrote: Mon Nov 09, 2020 5:48 pm

OneOffDave wrote: Mon Nov 09, 2020 2:27 pm The Fertiliser bomb plot chaps used an open word document on a laptop that they passed between each other in the same room and deleted each line after they had read to avoid being bugged. Obviously the rest of their security wasn't as good as they all got rolled up fairly quickly

Given that Word writes temporary files to disk, so that it can recover documents in case of a crash, this isn't the best idea.

Notepad, OTOH.

Or an encrypted hard drive (I assume Windows supports full-disk encryption?)

Probably best not to use Word Online, though.

I wouldn't bet against there being a backdoor through Windows full-disk encryption.

Bird on a Fire wrote: Mon Nov 09, 2020 4:24 pm Is nobody else intrigued by the fact that veravista is apparently friends with a load of terrorists?

He was a drug dealer actually (so I've been told)

Woodchopper wrote: Mon Nov 09, 2020 7:28 pm

EACLucifer wrote: Mon Nov 09, 2020 6:56 pm

Bird on a Fire wrote: Mon Nov 09, 2020 4:24 pm Is nobody else intrigued by the fact that veravista is apparently friends with a load of terrorists?

I mean a good proportion of this forum are actually supervillains of one sort or another, so no, not really

As the old saying goes, if you don't know who the mark is, then its you.

Cool! My very own SMERSH.

The best starting point is probably "if something is known to be a great way to avoid detection, it's guaranteed to be easily detected".

OneOffDave wrote: Mon Nov 09, 2020 2:27 pm The Fertiliser bomb plot chaps used an open word document on a laptop that they passed between each other in the same room and deleted each line after they had read to avoid being bugged. Obviously the rest of their security wasn't as good as they all got rolled up fairly quickly

If they were physically passing laptop around, why not just use pen and paper?

AMS wrote: Tue Nov 10, 2020 9:49 pm

OneOffDave wrote: Mon Nov 09, 2020 2:27 pm The Fertiliser bomb plot chaps used an open word document on a laptop that they passed between each other in the same room and deleted each line after they had read to avoid being bugged. Obviously the rest of their security wasn't as good as they all got rolled up fairly quickly

If they were physically passing laptop around, why not just use pen and paper?

Poor handwriting?

I've seen the films/tv where they scribble the paper on the pad to see what was written before.

George Smiley handwrote documents, one sheet of paper at a time, on a glass plate to avoid leaving impressions.

So W.H.Smith are on the alert for anyone who buys a ream of A4 and asks directions to a glazier.

Dermot O'Logical wrote: Wed Nov 11, 2020 7:37 am So W.H.Smith are on the alert for anyone who buys a ream of A4 and asks directions to a glazier.

As a former WH Smith employee, I can confirm that we had one full day of training twice a year regarding the identification of spies.