this post was submitted on 04 May 2025
817 points (99.8% liked)

politics

23359 readers
3154 users here now

Welcome to the discussion of US Politics!

Rules:

  1. Post only links to articles, Title must fairly describe link contents. If your title differs from the site’s, it should only be to add context or be more descriptive. Do not post entire articles in the body or in the comments.

Links must be to the original source, not an aggregator like Google Amp, MSN, or Yahoo.

Example:

  1. Articles must be relevant to politics. Links must be to quality and original content. Articles should be worth reading. Clickbait, stub articles, and rehosted or stolen content are not allowed. Check your source for Reliability and Bias here.
  2. Be civil, No violations of TOS. It’s OK to say the subject of an article is behaving like a (pejorative, pejorative). It’s NOT OK to say another USER is (pejorative). Strong language is fine, just not directed at other members. Engage in good-faith and with respect! This includes accusing another user of being a bot or paid actor. Trolling is uncivil and is grounds for removal and/or a community ban.
  3. No memes, trolling, or low-effort comments. Reposts, misinformation, off-topic, trolling, or offensive. Similarly, if you see posts along these lines, do not engage. Report them, block them, and live a happier life than they do. We see too many slapfights that boil down to "Mom! He's bugging me!" and "I'm not touching you!" Going forward, slapfights will result in removed comments and temp bans to cool off.
  4. Vote based on comment quality, not agreement. This community aims to foster discussion; please reward people for putting effort into articulating their viewpoint, even if you disagree with it.
  5. No hate speech, slurs, celebrating death, advocating violence, or abusive language. This will result in a ban. Usernames containing racist, or inappropriate slurs will be banned without warning

We ask that the users report any comment or post that violate the rules, to use critical thinking when reading, posting or commenting. Users that post off-topic spam, advocate violence, have multiple comments or posts removed, weaponize reports or violate the code of conduct will be banned.

All posts and comments will be reviewed on a case-by-case basis. This means that some content that violates the rules may be allowed, while other content that does not violate the rules may be removed. The moderators retain the right to remove any content and ban users.

That's all the rules!

Civic Links

Register To Vote

Citizenship Resource Center

Congressional Awards Program

Federal Government Agencies

Library of Congress Legislative Resources

The White House

U.S. House of Representatives

U.S. Senate

Partnered Communities:

News

World News

Business News

Political Discussion

Ask Politics

Military News

Global Politics

Moderate Politics

Progressive Politics

UK Politics

Canadian Politics

Australian Politics

New Zealand Politics

founded 2 years ago
MODERATORS
outrageousmatter@lemmy.world
aidan@lemmy.world
jordanlund@lemmy.world
little_cow@lemmy.world
Theonetheycall1845@lemmy.world
JuBe@lemmy.world
Lasherz12@lemmy.world
817
The Signal Clone the Trump Admin Uses Was Hacked | TeleMessage, a company that makes a modified version of Signal that archives messages for government agencies, was hacked. (www.404media.co)
submitted 1 day ago by silence7@slrpnk.net to c/politics@lemmy.world
82 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] JeeBaiChow@lemmy.world 10 points 1 day ago (3 children)

Actually, I'm more surprised people continue to believe the 'end to end' claims of these companies.

[–] silence7@slrpnk.net 91 points 1 day ago* (last edited 1 day ago) (2 children)

Signal makes it believable by providing source code and reproducible builds. It doesn't rule out the possibility that they've done something clever with the random number generator, or have the app store you use give you a compromised app, or provide any protection against endpoint compromise, but it's about as good as you can get.

Third party apps derived from theirs, which explicitly promise to log all your messages to a server somewhere, like TeleMessage, are, for obvious reasons, far less trustworthy.

[–] jaybone@lemmy.zip 6 points 1 day ago (2 children)

Question: how can they even claim it’s e2ee if they also claim to log all the messages? Or is the claim that they log the messages in encrypted form? In which case any client(s) with the only copy of the keys could delete them, making the logs useless.

[–] merc@sh.itjust.works 11 points 1 day ago (1 children)

how can they even claim it’s e2ee if they also claim to log all the messages?

Who are the various "they"s in that question?

Signal claims that if you use the Signal app, it's end-to-end encrypted. The Trump admin was using an unofficial Signal-compatible app TM SGNL which probably didn't make those claims. And, Signal definitely never claimed that TM SGNL was end-to-end encrypted. In fact, it's likely TeleMessage violated the copyrights and trademarks belonging to Signal with their app.

But, in the end, the messages were still technically end-to-end encrypted. It's just that as soon as the messages arrived at one of those ends, they were sent to TeleMessage who archived them unencrypted in AWS. It's still end-to-end encrypted, it's just that one of those ends is incredibly leaky.

[–] Randelung@lemmy.world 6 points 20 hours ago (1 children)

unencrypted in AWS

oh... mygod.

[–] merc@sh.itjust.works 5 points 18 hours ago* (last edited 18 hours ago) (1 children)

Yeah. The level of incompetence is impressive. Full data and metadata for all customers all dumped together in one datastore, stored in the clear in AWS.

"The data includes apparent message contents; the names and contact information for government officials; usernames and passwords for TeleMessage’s backend panel; and indications of what agencies and companies might be TeleMessage customers."

...

"The server that the hacker compromised is hosted on Amazon AWS’s cloud infrastructure in Northern Virginia."

...

"“If I could have found this in less than 30 minutes then anybody else could too. And who knows how long it’s been vulnerable?” the hacker said. "

[–] Randelung@lemmy.world 2 points 12 hours ago

"I'll just put this together as proof of concept. I'll look at security later.

Okay great, it works, now no need to ever touch it again."

[–] tamman2000@lemm.ee 3 points 1 day ago* (last edited 1 day ago)

I don't know how they claim that would work. But it's important to note that only telemessage makes that claim, not signal.

[–] xor@lemmy.dbzer0.com 7 points 1 day ago

well they’ve also had great peer code reviews, and the reproducible builds lets you know they’re not putting a different version on the app store….

[–] huppakee@lemm.ee 23 points 1 day ago

Even with e2e security there is 2 e's that can get compromised, their use of a altered version of the app on one end is enough to cancel out the whole encryption part it, also on the other end.

But in this case it's like they have a lock for their garage door that is different from the lock on their car so they can't steal the car when somebody steals the key to the garage door, but then think they can leave the keys in the lock because there is a lock (encryption) on the doors.

[–] A_norny_mousse@feddit.org 2 points 1 day ago* (last edited 1 day ago)

Signal? Why wouldn't they? Why would they want to claim E2EE, then steal people's chats, and try really hard to make it completely invisible? Which would probably fail since it's FOSS. Not everything is a conspiracy. Sure, they will sell user's metadata eventually (if they aren't doing it already) or become a paid app, maybe even add advertisments, who knows (nothing is safe from enshittification).

TeleMessage is a different thing altogether. Their "claim" is pretty much the opposite: take a known E2EE app and make it completely transparent.