One interesting thing I read in a Dutch paper today was that a cyber security expert that was involved in the hack was surprised they kept using these specialized services. It’s very easy for authorities to get approval to hack and read _all_ the messages of a service that has a user base that is nearly 100% criminal. If criminals were smart (his words), they’d use Signal or Whatsapp where they’d be a small percentage of the user base and authorities would have a much harder time to get court-allowed blanket access like they had with Sky or Encro.
I think it's an issue with estimating probabilities.
They probably saw a few failures a year of people using Signal or WhatsApp slopily on old Android phones that were easy to sideload onto with a warrant, had microphones with no hard switch, etc, etc.
They probably saw no failures of Sky ECC (as it sounds like a vendor hardened the phone for them and any convenience over security features are non-existent) right up until the claim that the protocol is broken and everyone is affected.
And yet, the police all claim that criminals are dumb, and wait for them to do something that gets them caught. That's one of the basic investigation tactics--wait for the criminal to screw up.
It’s not an issue of smart vs. dumb. It’s that the cops can screw up infinitely without consequence (yesterday US cops shot a 1 year old baby in the head... nothing will happen to any of them) while the criminals have to be perfect and get busted on the first mistake. That asymmetry is why idiot cops who could barely graduate high school routinely bust even skilled criminals.
> a service that has a user base that is nearly 100% criminal
The article says this service is widely used among criminals. That doesn't mean the user base of this service is largely criminals. In fact I would be surprised there would be 170k criminals around the world using a single service I had never heard about, seems very high to me.
> In fact I would be surprised there would be 170k criminals around the world using a single service I had never heard about, seems very high to me.
Do you not think that, perhaps, criminals will know other criminals (I mean we're talking organize crime here), and will have whisper-networks in place? Or are you saying that you're plugged-in to what smugglers, etc. do and you had never heard of it?
He's saying he thinks that there would be 170k criminals forming a singular network seems like a high number.
To me, it sounds low. There are very niche interest websites with 750k accounts[1]. Further, 170k isn't the number of criminals, but the number of people who had interaction with Sky - Which may be basically anyone who had a shady friend.
The problem with our modern understanding of "innocent until proven guilty" is that unsubstantiated rumor can spark fire very quickly, while real damage can fly under the radar for a very long time. People who have been actually damaged often try to extricate themselves from the situation as quickly as possible, or end up trapped and pushing further into it. Without real numbers to back this up: If you marry an abusive spouse, Either you get a quick if painful divorce, or you normalize it and become embedded deeply in the relationship and cut off from your friends who tell you to get away, because their advice for setting boundaries only gets you hurt further.
I have no doubt that the niche interest of shady behavior can attract a few hundred thousand users, while staying unknown to anyone outside the niche.
[1] Furaffinity claims this number, as a standard internet oddity, but fimfiction.net boasts nearly 300k; Many other "weird" websites probably have numbers in the 50-500k range.
> If criminals were smart (his words), they’d use Signal or Whatsapp where they’d be a small percentage of the user base and authorities would have a much harder time to get court-allowed blanket access like they had with Sky or Encro.
How could I get a court order to get blanket access to Signal?
Oh, ok. I'd prefer he say things directly. For example, if someone insinuates criminals are stupid I tend to discount what they say, not try to infer the speaker's true meaning.
(Many criminals are extremely intelligent, but feel stymied from legitimate employment despite having smarts and skills, this is a well documented phenomenon.)
Yeah, I worry more about the device running Signal.
Is it up to date?
|
Any other apps with flaws?
And then any time the browser is used there's risk, especially since mobile devices are worse about supporting ad blocking - that's one reason I like Algo - block malicious stuff at the DNS level rather than worry your combination of privacy extensions is giving you security but also making you more fingerprintable (reducing privacy).
BUT I like Signal as a way to reduce ambiguity. (Eg: If I text you on Signal, it's unlikely someone snarfed that out of the air, and over time I can see where information is leaking, same goes for a voice chat)
Then it's down to trust, which is sadly an unsolved problem. (At least for this poster)
