Signal, Govt Funding, & Mathematical backdoors in Encryption Algorithms

Govt funds Signal (NOT for protestors, Journalists, or the like) & others https://yasha.substack.com/p/spy-funded-privacy-tools-like-signal This includes Mathematical back-doors
https://www.theregister.com/2017/12/15/crypto_mathematical_backdoors/
Yeah, that’s pretty troubling. Like Tor, Signal might work if you’re chatting with your local neighborhood dealer to score a few grams of coke, but don’t expect it to protect you if you decide to do anything really transgressive — like organizing against concentrated corporate political power in the United States. For what it’s worth, I personally heard activists protesting the Democratic National Convention in Philadelphia tell me that the cops seemed to know their every move, despite the fact they were using Signal to organize.
https://surveillancevalley.com/blog/internet-privacy-funded-by-spies-cia
Here’s a small sample of what the Broadcasting Board of Governors funded (through Radio Free Asia and then through the Open Technology Fund) between 2012 and 2014:
Open Whisper Systems, maker of free encrypted text and voice mobile apps like TextSecure and Signal/RedPhone, got a generous $1.35-million infusion. (Facebook recently started using Open Whisper Systems to secure its WhatsApp messages.)
CryptoCat, an encrypted chat app made by Nadim Kobeissi and promoted by EFF, received $184,000.
LEAP, an email encryption startup, got just over $1 million. LEAP is currently being used to run secure VPN services at RiseUp.net, the radical anarchist communication collective.
A Wikileaks alternative called GlobaLeaks (which was endorsed by the folks at Tor, including Jacob Appelbaum) received just under $350,000.
The Guardian Project — which makes an encrypted chat app called ChatSecure, as well as a mobile version of Tor called Orbot — got $388,500.
The Tor Project received over $1 million from OTF to pay for security audits, traffic analysis tools and set up fast Tor exit nodes in the Middle East and South East Asia.

Below Excerpt taken from Mathematical Backdoors in Encryption Algorithms Article:
Filiol does not accept the industry-standard and widely reviewed AES algorithm is necessarily secure, even though he doesn’t have evidence to the contrary at hand.

“If I cannot prove that the AES has a backdoor; no one can prove that there is none,” Filiol told El Reg. “And honestly, who would be mad enough to think that the USA would offer a strongly secure, military grade encryption algorithm without any form of control?”

He added: “I do not. The AES contest has been organised by the NIST with the technical support of the NSA (it is of public knowledge). Do you really think that in a time of growing terrorist threat, the USA would have been so stupid not to organise what is known as ‘countermeasures’ in conventional weaponry? Serious countries (USA, UK, Germany, France) do not use foreign algorithms for high-security needs. They mandatorily have to use national products and standards (from the algorithm to its implementation),” he added.

Filiol concluded that reforms were needed in the way that cryptographic algorithms are selected, analysed and standardised. “It should be a fully open process mainly driven by the open crypto community,” he maintains. ®

Maybe people need to reevaluate why Telegram makes its own encryption. And why Telegram may be the better option.
Full Article



Did you ever stop to wonder why human technology seemed to have generally peaked between 1980 and the early 2000’s?

Which is more likely: that we as a species stopped creating technological breakthroughs 20 years ago (Instagram and Pr0nhub are not breakthroughs :laughing: ) or that said breakthroughs have overwhelmingly been usurped by government-level players?

While we are hopelessly outmatched by this level, in reality it doesn’t matter much to the typical user as the vast majority of people are not (ahem) transgressing at a level sufficient to get noticed. What does matter is the banal and pervasive corporate-level surveillance we as a society are constructing for ourselves and our posterity.

At this time, we are still able to opt-out if we so choose. One day, this calculus may change.

1 Like

Filiol does not accept the industry-standard and widely reviewed AES algorithm is necessarily secure, even though he doesn’t have evidence to the contrary at hand.

“If I cannot prove that the AES has a backdoor; no one can prove that there is none,” Filiol told El Reg.

What? So because they couldn’t figure out a backdoor on the de-facto gold standard of modern encryption, we should assume it has a backdoor in it? That seems like a terrible argument to make, but of course we shouldn’t assume there aren’t any either. But until that’s proven there’s also no reason to panic.

Maybe people need to reevaluate why Telegram makes its own encryption. And why Telegram may be the better option.

Now this is interesting. Why would they talk AES down and then move on to recommend MTProto? Surely the same arguments for the former apply to the latter? Rolling out your own custom algorithm for encryption is widely regarded as a bad idea because of the difficulty involved, which is precisely the whole point of this article and he (Filiol) admits so himself.

Even then, was there any research made around the security advantages of MTProto? Were any backdoors found in it? After all, “who would be mad enough to think that [insert country name] would offer a strongly secure, military grade encryption algorithm without any form of control?”

the cops seemed to know their every move

What does that even mean?

Group chat communication works differently than a two-party chat and encrypting that involves a whole new set of problems to overcome. But even assuming the encryption was perfect, this only applies to the communication in transit. What I mean by this is that it is far easier to compromise a single device involved in the communication, than breaking the encryption itself.

Or you know, maybe the trained specialists in charge of monitoring the demonstration were just doing their jobs and were able to plan ahead. Or probably they had undercover agents, possibly already infiltrated in the group chat.

2 Likes

That’s why I think that more and more folks who are privacy minded will move to the Session private messaging platform.

It’s my understanding that even this method is subject to MITM (“Man in the Middle”) attack. Also, exit node packet sniffing is still an issue.

But I may not be totally up to speed on the particulars of this private messenger…!

1 Like

The argument in favor of Telegram is self-defeating…
If a known standard is a problem because it can contain a backdoor, an unknown standard can also contain a backdoor, thus both are to be deemed unsafe. But, if anything, what is secret is unverifiable, thus making it riskier.
We have to trust security standards enough that we use them and doubt them enough that we try to break them. Not trusting them because of the unknowns defies logic on itself.

1 Like

I think people are missing these links above when reading the post:



Formal Verification of MTProto

“Controlled Opposition”

Can you talk about why Telegram may be a better option? It’s obvious that the same arguments you are making against AES also apply to MTProto. Even more so since AES has been around for a lot longer and examined closely by more experts on the matter (hence the name: Advanced Encryption Standard).

1 Like