Signal Would 'Walk' From UK if Online Safety Bill Undermined Encryption (bbc.co.uk) 42
Bruce66423 writes: The encrypted-messaging app Signal has said it would stop providing services in the UK if a new law undermined encryption. If forced to weaken the privacy of its messaging system under the Online Safety Bill, the organisation "would absolutely, 100% walk" Signal president Meredith Whittaker told the BBC. The government said its proposal was not "a ban on end-to-end encryption". The bill, introduced by Boris Johnson, is currently going through Parliament. Critics say companies could be required by Ofcom to scan messages on encrypted apps for child sexual abuse material or terrorism content under the new law. This has worried firms whose business is enabling private, secure communication.
Again (Score:5, Insightful)
Re: (Score:3, Insightful)
The same people threatening nuclear war want to protect the children by banning the means of communication that could oppose the people threatening nuclear war.
Yeah, we're not that stupid.
Good for Signal. Now decentralize because they're coming for the servers sooner or later.
Re: Again (Score:5, Informative)
It has always been BS.
Remember when the UK Govt was embroiled in a multidecade child sex ring?
I sure do!
https://www.reuters.com/articl... [reuters.com]
This is all about panopticonism, and a blatant refusal to comprehend what encryption does, and why it has to be that way in order to work.
The UK Govt feels squeamish about its citizens communicating securely, and wants to be notified on a backchannel about all communications, despite the fact that this is impossible to enable without making the encryption moot.
To disguise their BS, they have gone all 'FOR THE CHILDREN!', despite the historical record that they have in that regard, such as actively arresting people who managed to track their sex trafficked kids down.
https://www.google.com/amp/s/w... [google.com]
Or, that such child trafficking has INCREASED, not been reduced, in recent years.
https://www.ons.gov.uk/peoplep... [ons.gov.uk]
So yes, I would say the trustworthiness of BoJo's plan is about on par with that of the Nigerian Prince.
As long as people trust those choads, this will keep happening. Tory Govts have a TERRIBLE reputation with this.
Re: (Score:2)
Perhaps had there been a secure communications tool like Signal available then, the children would have felt safe enough to contact concerned adults from outside the area for help. They certainly needed help and the adults in the area seemed to mostly be interested in them keeping quiet.
So I say keep secure confidential communication secure and confidential FOR THE CHILDREN!
Re: (Score:2)
Re:Again (Score:5, Insightful)
Remember: If you think of the children all the time, chances are good you're a pedo.
Re: (Score:2)
Remember: If you think of the children all the time, chances are good you're a pedo.
And how. There is the occasional person who was abused as a child and becomes an activist. But that's a whole different modus.
But when you get people who are way too obsessed with X activity, they probably engage in it. Or at least want to.
I find it amusing the present obsession of some folks with transgenders. Now don't get me wrong, I find the pronoun business pointless, but seriously, the way some of these folks go on, I'll bet their internet history shows they likes them those "chicks with dicks".
Re: (Score:2)
I have this hypothesis that they are afraid they might hit on a girl, only to find out that there's more land south than north of the equator and they'd have to realize that they had the hots for a guy.
Teh horrorz! Le Gay!
Re: (Score:2)
Of course, the main argument I see against this is: "If it saves one child's life, no amount of surveillance or heavy-handed laws is too much."
Saw this shit in the early 1990s when applied cryptography was nearly banned in the US.
Ugh, yeah, that's an argument used way too often.
Of course, a good counter is if encryption saves a journalist's or freedom fighter's life...
Re: (Score:2)
Pedophiles. Obviously.
Checkmate.
From the (Score:3, Insightful)
Same people who turned a blind eye to Jimmy Savile. https://en.wikipedia.org/wiki/... [wikipedia.org]
That guy was fucking everyone from children to the elderly.
Re:From the (Score:5, Insightful)
Same people who turned a blind eye to Jimmy Savile. https://en.wikipedia.org/wiki/... [wikipedia.org]
That guy was fucking everyone from children to the elderly.
It fits in with my thesis that when a person or group of people make a constant presentation of ostentatious opseudo opposition to something like child abuse, or gay opposition, it's a big red flag.
How many times do we find politicians or clergy who have rageboners (how appropriate a term in this case) about gays end up caught boinking someone of the same sex?
The "Won't someone think of the children!" crowd - aside from the dishonesty of their tactics, are probably thinking a whole lot about having sex with children, just like anti-gay people spend more time thinking about gay sex than gay people do.
So as weird_w points out these folk are into panopticonism, and we can add projection to that.
Re: (Score:3)
Yes, sadly, the most vocal opponents tend to be closet fans. Your examples are spot on.
Is there a name for this other then hypocrite?
Re: (Score:2)
Yes, sadly, the most vocal opponents tend to be closet fans. Your examples are spot on.
Is there a name for this other then hypocrite?
A lot of us call it Malicious projection
Re:good/bad (Score:5, Informative)
They could 'stop providing services' by simply making you check a box that says "I confirm I am not in the UK". Just like when I 'confirm' I'm human before filling out forms.
Re: (Score:2)
I'm glad Signal is making the right choice, and it's a good sign. Despite what I'm about to say below, it shows they're good guys.
But the fact that Signal even has a choice, that it's possible for them to break existing installations of the app, makes the protocol appear to be worthless. Something is terribly mis-designed if they're able to prevent UK users from communicating.
Signal controls both the app and the servers. If they were to agree to provide a back channel to the government, it would include modifying the app to send a copy of all communications to the government.
UK government needs to look in the mirror (Score:3)
https://www.independent.co.uk/... [independent.co.uk]
Inquiry identifies ‘extensive failures’ by councils and police, leaving victims treated as offenders while perpetrators go free
Companies Requried ... (Score:2)
Because people can't use a messaging app run by a company outside the UK can they ...
and UK jurisdiction covers companies with no base of operations here ...
and the UK can legislate against a US based non-profit ...
isn't signal compromised already? (Score:2, Troll)
No. Phshing attack, and unlocked phones. (Score:5, Informative)
It wasn't cracked.
Cellebrite successfully launched a phishing attack on Twilio.
Specifically, they sent phishing emails to Twilio, the SMS provider.
One admin at Twilio fell for it, and submitted his admin credentials to the Cellebrite.
Once they had admin access, they installed signal on their phone, and used a phone number for the account they wished access to.
The SMS was sent, and they immediately read the message using Twilio's admin tools before it reached the end user.
They signed into the account using the 2FA code.
The user's account they signed in to DID NOT have a registration PIN set. Had this been set, no new installation would be allowed unless BOTH 2FA code and PIN are provided. Had the users set a registration PIN, this SMS diversion attack would not have been enough to log in to the signal account on a new device.
The net result:
Cellebrite had been able to log in to the user's account.
Had NO access to chats.
Had NO access to contacts.
Only ability to pretend to be the user in new chats.
Mitigation:
Set a PIN on the account to prevent registration on new devices. ("Set Registration PIN in security settings).
The Second claim by Cellebrite, was a blog saying they broke the encryption, and could access messages.
This physical access has been known for years, and Signal suggests locking phone, and requiring PIN to access Signal. But, notes, if an adversary physically has your phone, there are many more vectors for attempting to gain access.
The details required:
Phone physically in hand to analyze.
Able to access phone running (either known PIN or phone unlocked)
Signal was NOT configured to have a PIN on startup.
Open Signal.
Read the decryption key from device memory.
Copy LOCAL messages, and use the decryption key to read in bulk. (Or, since you have the app open, read them in the App itself.
Re: (Score:1)
Safety? (Score:4, Insightful)
How again is a bill supposed to increase safety that reduces the safety of the information you transmit?
Re: (Score:1)
Turns out it's not your safety they're interested in.
Re: (Score:2)
They are interested in my safety, the problem is I don't want to part with it, so they can't have it.
Re: (Score:2)
Number of users in the UK? (Score:2)
Does anybody happen to know user numbers for the UK? I know only a very few people on Signal, but they all communicate via WhatsApp and occasionally iMessage. Seriously, WhatsApp is so ubiquitous that I wonder if it's only an insignificant number of people who would notice? The government's certainly not going to complain if they walk, although I wonder what that actually means given that surely they can operate from outside the country?
Re: Number of users in the UK? (Score:1)
Interesting.
My initial reaction is that they would not "walk" but be "kicked out" for not complying with the law of the land.
It reminds me of the likes of Google and Facebook in mainland China. They choose not to comply with the law of the land and so are not allowed to operate their illegal services there.
However, last I heard, the UK does not have a Great Firewall to prevent such illegal services from being offered from "overseas".
Does this prospect mean that the UK would implement such a "firewall" or wi
Re: (Score:2)
The UK has operated a system known as 'cleanfeed' [wikipedia.org] since 2004 to block child pornography. It currently operates using a number of methods [bailii.org]:
DNS name blocking, IP address blocking using routers, Deep packet inspection-based URL blocking, Two-stage system (IP followed by DPI blocking).
There's other UK-wide internet filtering (eg various bittorrent sites), but cleanfeed is the most comprehensive one.
Do they read your mail? (Score:2)
I was wondering if they opened your letters in the UK to read your mail to look for pedophiles?
They can't do this in the US.
Looks like they want to invade your privacy just because they can.
Scanning (Score:1)
Couldn't they just scan the encrypted chat and say they found nothing matching abuse images etc, there by complying with the law and not risking their encrypted messages. After all when it's encrypted it's not readable in traditional ways until it is decrypted.
Hacking warrants (Score:2)
Around the world (Score:2)
"Won't somebody please think of the children" or, rather encryption services might, possibly, someday contain CSAM, is a hot-button topic this year: It's equal to Patriotism as one is not allowed to say the government is wrong. It also denies the fact that CSAM existed before encryption services, so removing these services won't remove sexual exploitation.
It's easy to find stories of sexual exploitation where the criminals weren't punished so the sudden interest in catching criminals isn't about keeping
I feel helpless, what can I actually do? (Score:2)
I keep reading about the insanity of the EU trying to hollow out privacy and encryption on various levels and scanning private data and subjectively it feels like it is completely out of my control and some dark forces just keep trying to push this through every couple of years until the dam breaks.
I do not even understand the political process and the factions involved and the checks and balances, really. The news just make it sound like this will be happening definitively any day now and we are all under
Not the UK - only England & Wales. RTFM. (Score:1)