France moves to break encrypted messaging

Posted by Cider9986 1 day ago

France moves to break encrypted messaging(reclaimthenet.org)

278 points | 133 commentspage 3

EGreg 1 day ago|

One of many simultaneous attempts all around the world:

https://community.qbix.com/t/the-global-war-on-end-to-end-en...

And by the way, this article mentions other things already in place, such as being able to commandeer your device and spy on it without breaking encryption:

https://community.qbix.com/t/increasing-state-of-surveillanc...

jmclnx 1 day ago||

Lets pretend this happens, I am curious how it would work.

So a person in Canada messages someone in France who's WhatsApp is not encrypted. But the message from Canada is encrypted. Will the person in Canada's message have to be sent unencrypted ? Or will WhatsApp Canada need to allow France to break Canada's encryption ?

Personally I think it would be easier for these apps to ban people in France from using their service.

EMIRELADERO 1 day ago|

They would have used the "ghost user" strategy.

> "Perrin now offers a different framing. “Article 8 ter, which I had adopted, was not at all aimed at obtaining encryption keys but at introducing a ghost participant into a conversation before encryption,” he says. The “ghost participant” approach, sometimes called a ghost user proposal, was floated by GCHQ in 2018 and rejected by every major privacy organization, civil liberties group, and security researcher who looked at it. The idea is that the platform silently adds a third recipient, an invisible intelligence agent, to a supposedly two-person conversation. Users never see them. The encryption technically still works, except that one of the parties is the state."

mmooss 16 hours ago||

> The “ghost participant” approach, sometimes called a ghost user proposal, was floated by GCHQ in 2018 and rejected by every major privacy organization, civil liberties group, and security researcher who looked at it. The idea is that the platform silently adds a third recipient, an invisible intelligence agent, to a supposedly two-person conversation. Users never see them. / The encryption technically still works, except that one of the parties is the state.

It's an innovative idea. What defenses against this attack are in WhatsApp, Signal, etc. right now?

(In any situation, attackers can attack endpoints: If they can see what the user sees, apps and encryption don't matter. They could attack remotely, or in the case of higher-interest targets, physically.)

First, does the service mediate the group chat? If the messaging is peer-to-peer [0] with no server mediating, then someone would of course need to attack a peer as described above. I know Signal supposedly has no metadata, including chat participants; I don't know what mediation they do.

If the service does mediate the chat somehow, then an attacker could theoretically add themselves to the group. Hiding - the 'ghost' part - from the rest of the group seems trickier, but maybe that's also possible server-side.

[0] 5 users doing a mesh of multicast peer-to-peer video sounds like a utilization and quality nightmare.

fithisux 1 day ago||

A public ballot should be held for this.

Governments act as kings.

sMarsIntruder 1 day ago||

Liberté, Égalité, Fraternité.. et Surveillance-té

Razengan 1 day ago||

With the first link, the chain is forged.

We're into way many links already.

Isn't this the country that beheaded their rulers?

Mars008 1 day ago||

The big problem here is that Veracrypt development is done there if I'm not mistaken. Probably time to get back to trusted old TrueCrypt.