this post was submitted on 23 Sep 2023
517 points (99.6% liked)

Technology

59300 readers
4927 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Meredith Whittaker reaffirms that Signal would leave UK if forced by privacy bill::Meredith Whittaker, the president of the Signal Foundation, the organization that maintains the Signal messaging app, spoke about the U.K.'s controversial new privacy bill at TC Disrupt 2023.

all 45 comments
sorted by: hot top controversial new old
[–] NocturnalMorning@lemmy.world 70 points 1 year ago (1 children)

What are the governments around the world afraid of? Always so quick to go for overly invasive privacy laws. They should be afraid of the citizens, not the other war around.

[–] jet@hackertalks.com 89 points 1 year ago (1 children)

They are afraid of the citizens, that's why they want to be able to read all the messages.

[–] ZoopZeZoop@lemmy.world 10 points 1 year ago

I think they're saying that they are supposed to be (i.e., this doesn't need fixing). If they "fix" it, the people will be afraid of the government.

[–] DigitalNirvana@lemm.ee 53 points 1 year ago

This is why I use, support, and promote the Signal Foundation. Thanks for what you do!

[–] WuTang@lemmy.ninja 32 points 1 year ago (1 children)

is there any privacy bill for the elected? I would love to have a view on their:

  • banks accounts
  • stocks
[–] cooopsspace@infosec.pub 15 points 1 year ago

Which ones have inappropriate relationships with minors.

And we know they exist. They keep telling us.

[–] autotldr@lemmings.world 22 points 1 year ago (1 children)

This is the best summary I could come up with:


The Online Safety Bill, which was passed into law in September, includes a clause — clause 122 — that, depending on how it’s interpreted, could allow the U.K.’s communications regulator, Ofcom, to break the encryption of apps and services under the guise of making sure illegal material such as child sexual exploitation and abuse content is removed.

Whittaker didn’t mince words in airing her fears about the Online Safety Bill’s implications.

“We’re really worried about people in the U.K. who would live under a surveillance regime like the one that seems to be teased by the Home Office and others in the U.K.”

Whittaker noted that Signal takes a number of steps to ensure its users remain anonymous regardless of the laws and regulations in their particular country.

Asked onstage what data Signal’s handed over in the instances that it’s received search warrants, Whittaker said that it’s been limited to the phone number registered to a Signal account and the last time a user accessed their account.

She pointed to reasons for optimism, like Meta planning to roll out end-to-end encryption on Facebook Messenger and Instagram in spite of the U.K.’s Online Safety Bill.


The original article contains 506 words, the summary contains 194 words. Saved 62%. I'm a bot and I'm open source!

[–] makingStuffForFun@lemmy.ml 20 points 1 year ago

Good on signal. There is no middle ground with fully blow surveillance states as dark as the UK.

[–] HurlingDurling@lemm.ee 20 points 1 year ago (2 children)

My one wonder is, what would banks use to securely provide access to their customers online? What about online stores for local small, medium, and large businesses? Or is this going to knly target messaging and social networks?

[–] darklamer@lemmy.dbzer0.com 15 points 1 year ago* (last edited 1 year ago) (1 children)

My one wonder is, what would banks use to securely provide access to their customers online?

Considering that it would be illegal for banks to securely provide access to their customers online the answer is simple: they wouldn't.

[–] HurlingDurling@lemm.ee 5 points 1 year ago

I see, so this is a blanket ban then.

[–] EnderMB@lemmy.world 6 points 1 year ago

Given that the UK's tech industry is strongly tied to Fintech, and without it utterly crumbles into becoming cheap support for the US, I hope there is some serious clapback from the likes of Monzo, Starling, and co.

[–] FrankTheHealer@lemmy.world 17 points 1 year ago

Meredith Whitaker is good to make this clear. That whole system in UK seems bizarre to me.

PS, Use Signal.

[–] jet@hackertalks.com 14 points 1 year ago* (last edited 1 year ago) (3 children)

I was kind of worried that India did not ban signal when they banned all the end-to-end encrypted chat applications.

If the UK follow the same path, namely signal is exempted, that would be a strong indication that signal is compromised at the nation state level at the very least.

Update: what's with all the down votes? I'm a signal cheerleader, this is a test of signal, we'll see how they react, how the ecosystem reacts. It's curious. We should pay attention. That's all I'm saying

[–] otter@lemmy.ca 7 points 1 year ago (1 children)

Didn't Signal make the same statement for India?

[–] jet@hackertalks.com 5 points 1 year ago* (last edited 1 year ago) (1 children)

I don't recall. I just know India did not ban signal. But they banned all the other end and encrypted apps I use. So it's very curious.

One of my colleagues said, and a very reasonable and intelligent colleague at that, if you were going to design a global intelligence honey pot for encrypted messaging, signals how you would do it.

I'm not saying they are, but they have the capability to, structurally their ideal for honeypot. The fact that India didn't ban them, that's a data point....

I still use signal, on the balance of probabilities it's still the best platform for a general end to end encryption, but nothing is forever so I keep my options open

[–] elmicha@feddit.de 5 points 1 year ago (1 children)

I'm curious how such a ban works. Of course they'll tell Google and Apple to stop distributing the apps, but can't you just sideload the app? Or are they blocking some network connections at the country level, or filtering DNS?

[–] jet@hackertalks.com 10 points 1 year ago

It could get really interesting. Delisting from the app store would probably cover 90% of users.

People could still sideload, or use fdroid or VPNs.

If the UK got aggressive with internet filtering and blocked signals endpoints, signal proxies exist. But they would be slower for day-to-day use. Just like signal does for Iran.

We might see a resurgence of domain front running, which I believe cloudflare and AWS had harsh words for signal when they used it before. But if it's the only option.

The internet will find a way to route basically. I have full faith in that

[–] AllNewTypeFace@leminal.space 5 points 1 year ago (1 children)

There’s a difference between the spooks being able to read everyone’s messages and the ordinary police being able to do so. Assuming that Five Eyes or similar have a secret way of decrypting Signal messages, it won’t remain a secret if every drug dealer who uses Signal is swiftly arrested. (Even with the trick of parallel construction, postal inspectors magically getting lucky every time someone uses Signal would get suspicious pretty quickly.) If the spooks can read your Signal messages, they are compelled to ration that capability rather than burning it.

[–] jet@hackertalks.com 2 points 1 year ago

Agreed 100%. So I think signal matches most people's threat models, so it's still great to recommend to people.

If you were running some countries internal messaging service for diplomats. You might use signal, but you'd have to mirror the infrastructure to completely host it. And then probably add your own ciphers on top.

All down to the threat model.

[–] solidsnail@programming.dev 2 points 1 year ago

It doesn't necessarily mean that. It could also be that they attempt to block the rise of new platforms, and by doing so limiting the amount of platforms that they have to compromise.