Secure Messaging is a new innovation for confidential story-sharing and source protection, underpinning the Guardian’s commitment to investigative journalism. The Guardian has published the open source code for this important tech to enable adoption by other media organisations.
I saw the headline and was ready to rage about why they should just use signal instead. Then I read the article and honestly this is a fucking genius use of tech
For one, ease of access. Say you’re trying to break a story, who are you going to message with signal? Because you’re going to need to get that contact info somehow right?
Snowden is permanently stranded in Russia. That’s not exactly a great example of an anonymous source.
Because analysing network traffic wouldn’t allow an adversary to see what you’re sending with Signal, but they could still tell you’re sendig a secure message.
What the Guardian is doing is hiding that secure chat traffic inside the Guardian app, so packet sniffing would only show you’re accessing news.
analysing network traffic wouldn’t allow an adversary to see what you’re sending with Signal
How are they analyzing network traffic with Signal? It’s encrypted. And why does it matter if they know you’re sending a message? Literally everyone using Signal is sending a message.
Except that signal is blocked by many companies Mobile Device Management. The one that don’t can typically see who has the app installed. This provides a new clever way to maybe whistleblow
How dumb are you? Like someone said the point is they can see the fact that you sent a secured message period. Not with the guardian app though. Pretty easy to comprehend so I am confused why you are acting so stupid.
How exactly do you think encryption prevents the analysis of seeing when an encrypted message is sent? It feels like you’re trying to hand-waive away by saying “encryption means you’re good!”
Cyber security is not my thing, but my understanding is that you’d still see network traffic - you just wouldn’t know what it says.
Packet data has headers that can identify where it’s coming from and where it’s going to. The contents of the packet can be securely encrypted, but destination is not. So long as you know which IPs Signal’s servers use (which is public information), it’s trivial to know when a device is sending/receiving messages with Signal.
This is also why something like Tor manages to circumvent packet sniffing, it’s impossible to know the actual destination because that’s part of the encrypted payload that a different node will decrypt and forward.
I saw the headline and was ready to rage about why they should just use signal instead. Then I read the article and honestly this is a fucking genius use of tech
Yeah this is insanely good
I read it and don’t understand. Why is this better than Signal? Or the 500 other secure file/messaging protocols?
Jabber seemed to work perfectly for Snowden…
For one, ease of access. Say you’re trying to break a story, who are you going to message with signal? Because you’re going to need to get that contact info somehow right?
Snowden is permanently stranded in Russia. That’s not exactly a great example of an anonymous source.
…The Guardian?
Use your browser? These are strange questions.
Did you notice that I used the past tense?
Because analysing network traffic wouldn’t allow an adversary to see what you’re sending with Signal, but they could still tell you’re sendig a secure message.
What the Guardian is doing is hiding that secure chat traffic inside the Guardian app, so packet sniffing would only show you’re accessing news.
How are they analyzing network traffic with Signal? It’s encrypted. And why does it matter if they know you’re sending a message? Literally everyone using Signal is sending a message.
Not my specialty, but signals end to end encryption is akin to sealing a letter. Nobody but the sender and the recipient can open that letter.
But you still gotta send it through the mail. That’s the network traffic analysis that can be used.
Here’s an example of why that could be bad.
Using an encrypted messaging app could itself be a red flag, using a news app is normal behavior.
It isn’t.
https://www.laquadrature.net/en/2023/06/05/criminalization-of-encryption-the-8-december-case/
For France, Your a terroriste if you use signal
Then you’re a terrorist if you use the internet, period
Nearly all internet traffic if encrypted, and for plain browser traffic it’s probably in the 95+%
You access your bank? Terrorist! Email? Terrorist! Lemmy? Terrorist!
Then you’re also a terrorist if you use The Guardian 🤷♂️
I dont’ know, do you have sources about this ? Or are you fantasming ?
It’s a red flag to those who think you’re going to share internal info.
Or it’s just a perfectly normal thing that billions of people do every day?
Except that signal is blocked by many companies Mobile Device Management. The one that don’t can typically see who has the app installed. This provides a new clever way to maybe whistleblow
Timing of messages. They can’t tell what you send, but can tell when
No they can’t.
It’s called traffic analysis
It’s called encryption
How dumb are you? Like someone said the point is they can see the fact that you sent a secured message period. Not with the guardian app though. Pretty easy to comprehend so I am confused why you are acting so stupid.
How exactly do you think encryption prevents the analysis of seeing when an encrypted message is sent? It feels like you’re trying to hand-waive away by saying “encryption means you’re good!”
Cyber security is not my thing, but my understanding is that you’d still see network traffic - you just wouldn’t know what it says.
I run a cryptography forum
Encryption doesn’t hide data sizes unless you take extra steps
Packet data has headers that can identify where it’s coming from and where it’s going to. The contents of the packet can be securely encrypted, but destination is not. So long as you know which IPs Signal’s servers use (which is public information), it’s trivial to know when a device is sending/receiving messages with Signal.
This is also why something like Tor manages to circumvent packet sniffing, it’s impossible to know the actual destination because that’s part of the encrypted payload that a different node will decrypt and forward.
I downloaded the guardian app and couldn’t find the option.