sunzu2@thebrainbin.org
on 12 Mar 2025 19:07
nextcollapse
The app?
wesker@lemmy.sdf.org
on 12 Mar 2025 19:10
nextcollapse
Yes.
sunzu2@thebrainbin.org
on 12 Mar 2025 19:16
collapse
Damn... Hmm are they part of the US government?
wesker@lemmy.sdf.org
on 12 Mar 2025 19:21
collapse
The article explains everything. The gist is Russians are targeting Ukrainians with phishing attacks via Signal. There also is the suggestion they’re exploiting the linked devices functionality, though I’m not sure how.
sunzu2@thebrainbin.org
on 12 Mar 2025 19:24
collapse
Appreciate this, I don't click links lol
Apparently if they can get you to scan some bogus qr code they can get you add their device to your account.
Why signal not cooperating tho? Following us government?
wesker@lemmy.sdf.org
on 12 Mar 2025 19:28
nextcollapse
Not sure. Might be political tension. Might be that phishing attacks are typically user error, and Signal feels like at a certain point it’s not their responsibility. Hard to say beyond conjecture, and I didn’t see a clear reason given in the article.
variaatio@sopuli.xyz
on 12 Mar 2025 19:51
nextcollapse
Because they can’t without backdooring the software? Just like they also refuse to co-operate with Swedish government and threatened to leave the market should Sweden try to force them.
You know Russian spies can also use TOR onion routing and so on.
As for phishing there is nothing Signal can do about someone scanning a signal contact sharing QR and adding it to their contracts list beyond informative “hey are you really sure, really really sure you want to add this contact”. If user trusts someone they shouldn’t, no amount of app policy protections help. Or maybe they manage to shish them to scan and approve “share account to another device”. Again nothing Signal can do about that.
I strongly suggest doing so if you want to understand what the article is about
sunzu2@thebrainbin.org
on 12 Mar 2025 21:05
collapse
Comment section is all I need
slartibartfast@feddit.uk
on 12 Mar 2025 19:11
collapse
The encrypted messaging app Signal
Yes.
postall@lemmy.world
on 12 Mar 2025 19:28
nextcollapse
Ok, they had choice to use Jami, app independent of anyone, but they chose centralization…
aleq@lemmy.world
on 12 Mar 2025 19:32
nextcollapse
Did they really? I assume they would do more research than me when choosing tech, but my initial reaction is “the fuck is a Jami?”. Is this a big app in recent years?
AbidanYre@lemmy.world
on 12 Mar 2025 19:45
nextcollapse
It’s a messenger backed by the GNU foundation. The last time I tried it it didn’t reliably deliver messages on Android.
And you’re proud of that? Well, I’m glad someone else has found out about serverless, independent messenger.
mohab@piefed.social
on 12 Mar 2025 20:07
nextcollapse
Jami sucks. I will continue to have it installed and hope one day it evolves into a reliable instant messenger, but, currently, it's extremely unreliable. Not for times of war.
postall@lemmy.world
on 12 Mar 2025 21:22
nextcollapse
Yup, he had some problems that are almost gone now. It’s an obvious consequence of being completely serverless. But it provides independence. I transferred all my communication there, and frankly I’m surprised that everything works for many people I know. Signal doesn’t. But Telegram and WhatsApp still does. For how long…
Not sure how you read pride into this at all, the implication is that if they don’t know about it it’s not a choice, while at the same time acknowledging that perhaps I’m just out of the loop.
If they secretly kept that info and didn’t release it, I guess that could be true. But do we have a reason to believe they’re keeping that info?
sunzu2@thebrainbin.org
on 12 Mar 2025 20:42
collapse
a FISA court order can force them to collect what they can which would includr time stamps and who you are contacting.
I don't think signal logs it by default though, but jack shit they can do about national security laws since they are incorporated under US law.
timewarp@lemmy.world
on 12 Mar 2025 19:40
nextcollapse
Give it time. Before long you’ll see articles about how we need to ban encryption to help Ukraine fight Russia & Democrats will support it cause that is how clueless many of them are.
TheTechnician27@lemmy.world
on 12 Mar 2025 19:41
collapse
Dude fuck off.
dukethorion@lemmy.world
on 12 Mar 2025 20:03
collapse
Why? He’s right…
TheTechnician27@lemmy.world
on 12 Mar 2025 20:04
collapse
Not even close, but okay.
thesmokingman@programming.dev
on 12 Mar 2025 22:15
collapse
While I personally think a removal of encryption tends be on the other side of this conflict, I have been called a nonce several times by otherwise leftist folks because of my support for strong encryption(ie the only people who want encryption have something to hide ergo you’re a nonce). This is all anecdote so YMMV.
homesweethomeMrL@lemmy.world
on 12 Mar 2025 19:42
nextcollapse
First off, Signal hasn’t said anything, this is an accusation made at a conference in Kyiv. So - who knows, they’re behind, they don’t have billions to support an army, who knows.
IF they have chosen to not help Ukraine where at all possible, that would be bad.
All of that said, if I was running a modern army using an encrypted chat app, I’d fucking have all that shit in-house, wtf. It’s 2025. Ukraine already has a bunch of l337 h4X0rs. I’m sure they could slap something together in days and have it in the field in weeks.
justOnePersistentKbinPlease@fedia.io
on 12 Mar 2025 19:50
nextcollapse
Moreover, its not like Ukraine hasnt been pushing for localized tech stack since at least 2016-2018 ish.
unexposedhazard@discuss.tchncs.de
on 12 Mar 2025 23:18
nextcollapse
Yeah they are slowly moving to matrix afaik
ivanafterall@lemmy.world
on 13 Mar 2025 02:02
collapse
techforwhat@lemmy.today
on 13 Mar 2025 04:18
collapse
Really? Could you provide some sources? I’m curious to learn more.
pntha@lemmy.world
on 12 Mar 2025 22:28
nextcollapse
not to mention the Signal protocol is open source so they could literally build something in days and ensure the same encryption
ForgotAboutDre@lemmy.world
on 13 Mar 2025 06:08
collapse
Maintaining and testing such an app has costs and risks. They may think it’s more secure that signal does this. It is also harder to attack all of signal.
They are also significantly resource constrained, everything they have goes towards defence. The effort building the app could be deployed on developing weapon systems they can’t buy.
Your right nations should have their own independent systems for secure communications for military, politicians and civil service.
sugar_in_your_tea@sh.itjust.works
on 13 Mar 2025 03:35
nextcollapse
Simplex is probably ready now. It’s self-hostable, and has strong encryption.
They have over 30% ios devices, for whatever reasons iphones are very popular in Ukraine.
OhVenus_Baby@lemmy.ml
on 14 Mar 2025 01:17
collapse
What about android?
corsicanguppy@lemmy.ca
on 13 Mar 2025 14:20
collapse
I’m sure they could slap something together in days and have it in the field in weeks.
We make a lot of assumptions about how other people live, and what they have available.
PotatoesFall@discuss.tchncs.de
on 12 Mar 2025 20:06
nextcollapse
What exactly is the cooperation that Signal was doing beforehand? Signal claims to collect very little data so I’m not sure how exactly they help?
socsa@piefed.social
on 12 Mar 2025 20:11
nextcollapse
Russia was caught running a bunch of side channel and phishing attacks using malicious QR codes. Presumably signal could help track these patterns in terms of time and place, to help isolate where espionage activity was occuring.
LastYearsIrritant@sopuli.xyz
on 12 Mar 2025 22:12
collapse
Except Signal should not have that data. They claim they do not log that information, so it should be impossible for them to do that.
Unless signal is lying, that’s not something they can do.
Sparkega@sh.itjust.works
on 12 Mar 2025 22:38
collapse
Malicious QR codes were used to establish a separate device as a ‘linked device’ which would allow the attacker to receive and read Signal messages sent to and from the target
BigDiction@lemmy.world
on 13 Mar 2025 04:31
collapse
This tracks. Signal claims to have your phone number and logs on the last time that number accessed the service.
They could not generate new access codes via Twilio when certain patterns are detected and still be within that known data.
corsicanguppy@lemmy.ca
on 13 Mar 2025 14:21
collapse
so I’m not sure how exactly they help?
I would say yes, that you are not sure how exactly they help, if I’m answering your question as written.
knighthawk0811@lemmy.ml
on 12 Mar 2025 22:05
nextcollapse
What’s the difference in this context? Can’t their enemies send dodgy links and QR codes on Matrix?
knighthawk0811@lemmy.ml
on 13 Mar 2025 21:54
collapse
they can send anything, but if they run their own matrix on their own servers then the data stays in house… important for govt or military things
cupcakezealot@lemmy.blahaj.zone
on 13 Mar 2025 02:54
collapse
bye bye signal just deleted it.
don’t need to support a pro kremlin app
pulsewidth@lemmy.world
on 13 Mar 2025 05:44
nextcollapse
There’s a whole ocean between ‘a single (biased) source claims Signal have stopped responding to requests for cybercrime assistance’ and ‘Signal is a pro-Kremlin app’.
Hope you don’t use (almost) any other messaging app either. If a single unsubstantiated article is enough to make you stop using something, you should be using almost nothing anywhere.
threaded - newest
The app?
Yes.
Damn... Hmm are they part of the US government?
The article explains everything. The gist is Russians are targeting Ukrainians with phishing attacks via Signal. There also is the suggestion they’re exploiting the linked devices functionality, though I’m not sure how.
Appreciate this, I don't click links lol
Apparently if they can get you to scan some bogus qr code they can get you add their device to your account.
Why signal not cooperating tho? Following us government?
Not sure. Might be political tension. Might be that phishing attacks are typically user error, and Signal feels like at a certain point it’s not their responsibility. Hard to say beyond conjecture, and I didn’t see a clear reason given in the article.
Because they can’t without backdooring the software? Just like they also refuse to co-operate with Swedish government and threatened to leave the market should Sweden try to force them.
You know Russian spies can also use TOR onion routing and so on.
As for phishing there is nothing Signal can do about someone scanning a signal contact sharing QR and adding it to their contracts list beyond informative “hey are you really sure, really really sure you want to add this contact”. If user trusts someone they shouldn’t, no amount of app policy protections help. Or maybe they manage to shish them to scan and approve “share account to another device”. Again nothing Signal can do about that.
As long as there’s a clear confirmation dialog.
That’s not how anything works
I strongly suggest doing so if you want to understand what the article is about
Comment section is all I need
Yes.
Ok, they had choice to use Jami, app independent of anyone, but they chose centralization…
Did they really? I assume they would do more research than me when choosing tech, but my initial reaction is “the fuck is a Jami?”. Is this a big app in recent years?
It’s a messenger backed by the GNU foundation. The last time I tried it it didn’t reliably deliver messages on Android.
And you’re proud of that? Well, I’m glad someone else has found out about serverless, independent messenger.
Jami sucks. I will continue to have it installed and hope one day it evolves into a reliable instant messenger, but, currently, it's extremely unreliable. Not for times of war.
Yup, he had some problems that are almost gone now. It’s an obvious consequence of being completely serverless. But it provides independence. I transferred all my communication there, and frankly I’m surprised that everything works for many people I know. Signal doesn’t. But Telegram and WhatsApp still does. For how long…
Not even good for sending memes to friends in peace time
Not sure how you read pride into this at all, the implication is that if they don’t know about it it’s not a choice, while at the same time acknowledging that perhaps I’m just out of the loop.
The article is about Signal providing info on what the Russians are doing on the app and not Ukraine using it themselves
Did it ever respond to those “requests”? What would Signal have anyway other than phone number to login association.
Call logs?
Nope, all they collect is date of registration and last time the client connected to the server. Has been proven in court.
Technically they can also store what I said, but yes, in fact it appears they don’t.
So apparently some people think Signal can’t see to which number they send that registration confirmation SMS.
Humanity isn’t worth it, these apes are doomed.
National security laws supercede the courts... If they called info on national security grounds, it would not be disclosed in court papers.
If they secretly kept that info and didn’t release it, I guess that could be true. But do we have a reason to believe they’re keeping that info?
a FISA court order can force them to collect what they can which would includr time stamps and who you are contacting.
I don't think signal logs it by default though, but jack shit they can do about national security laws since they are incorporated under US law.
Give it time. Before long you’ll see articles about how we need to ban encryption to help Ukraine fight Russia & Democrats will support it cause that is how clueless many of them are.
Dude fuck off.
Why? He’s right…
Not even close, but okay.
While I personally think a removal of encryption tends be on the other side of this conflict, I have been called a nonce several times by otherwise leftist folks because of my support for strong encryption(ie the only people who want encryption have something to hide ergo you’re a nonce). This is all anecdote so YMMV.
First off, Signal hasn’t said anything, this is an accusation made at a conference in Kyiv. So - who knows, they’re behind, they don’t have billions to support an army, who knows.
IF they have chosen to not help Ukraine where at all possible, that would be bad.
All of that said, if I was running a modern army using an encrypted chat app, I’d fucking have all that shit in-house, wtf. It’s 2025. Ukraine already has a bunch of l337 h4X0rs. I’m sure they could slap something together in days and have it in the field in weeks.
Moreover, its not like Ukraine hasnt been pushing for localized tech stack since at least 2016-2018 ish.
Yeah they are slowly moving to matrix afaik
<img alt="" src="https://lemmy.world/pictrs/image/e547be2d-4028-4d34-8af6-75933c0befc9.gif">
Really? Could you provide some sources? I’m curious to learn more.
not to mention the Signal protocol is open source so they could literally build something in days and ensure the same encryption
Maintaining and testing such an app has costs and risks. They may think it’s more secure that signal does this. It is also harder to attack all of signal.
They are also significantly resource constrained, everything they have goes towards defence. The effort building the app could be deployed on developing weapon systems they can’t buy.
Your right nations should have their own independent systems for secure communications for military, politicians and civil service.
Simplex is probably ready now. It’s self-hostable, and has strong encryption.
I wish. SimpleX has a notification/delivery issue on iOS—it's not reliable at all over there.
Most Ukrainians are probably priced out from Apple products. I don’t think iOS is a concern in their use case.
They have over 30% ios devices, for whatever reasons iphones are very popular in Ukraine.
What about android?
We make a lot of assumptions about how other people live, and what they have available.
What exactly is the cooperation that Signal was doing beforehand? Signal claims to collect very little data so I’m not sure how exactly they help?
Russia was caught running a bunch of side channel and phishing attacks using malicious QR codes. Presumably signal could help track these patterns in terms of time and place, to help isolate where espionage activity was occuring.
Except Signal should not have that data. They claim they do not log that information, so it should be impossible for them to do that.
Unless signal is lying, that’s not something they can do.
Malicious QR codes were used to establish a separate device as a ‘linked device’ which would allow the attacker to receive and read Signal messages sent to and from the target
This tracks. Signal claims to have your phone number and logs on the last time that number accessed the service.
They could not generate new access codes via Twilio when certain patterns are detected and still be within that known data.
I would say yes, that you are not sure how exactly they help, if I’m answering your question as written.
why aren’t they using the matrix?
What’s the difference in this context? Can’t their enemies send dodgy links and QR codes on Matrix?
they can send anything, but if they run their own matrix on their own servers then the data stays in house… important for govt or military things
bye bye signal just deleted it.
don’t need to support a pro kremlin app
There’s a whole ocean between ‘a single (biased) source claims Signal have stopped responding to requests for cybercrime assistance’ and ‘Signal is a pro-Kremlin app’.
Hope you don’t use (almost) any other messaging app either. If a single unsubstantiated article is enough to make you stop using something, you should be using almost nothing anywhere.