Love seeing open source projects from companies that aren't specifically tech firms
this post was submitted on 23 Jun 2025
349 points (100.0% liked)
Technology
72831 readers
2798 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
I saw the headline and was ready to rage about why they should just use signal instead. Then I read the article and honestly this is a fucking genius use of tech
I read it and don't understand. Why is this better than Signal? Or the 500 other secure file/messaging protocols?
Jabber seemed to work perfectly for Snowden...
Because analysing network traffic wouldn't allow an adversary to see what you're sending with Signal, but they could still tell you're sendig a secure message.
What the Guardian is doing is hiding that secure chat traffic inside the Guardian app, so packet sniffing would only show you're accessing news.
analysing network traffic wouldn't allow an adversary to see what you're sending with Signal
How are they analyzing network traffic with Signal? It's encrypted. And why does it matter if they know you're sending a message? Literally everyone using Signal is sending a message.
Timing of messages. They can't tell what you send, but can tell when
No they can't.
E: if someone wants to provide evidence to the contrary instead of just downvoting and moving on, please, go ahead.
It's called traffic analysis
It's called encryption
Packet data has headers that can identify where it's coming from and where it's going to. The contents of the packet can be securely encrypted, but destination is not. So long as you know which IPs Signal's servers use (which is public information), it's trivial to know when a device is sending/receiving messages with Signal.
This is also why something like Tor manages to circumvent packet sniffing, it's impossible to know the actual destination because that's part of the encrypted payload that a different node will decrypt and forward.
load more comments
(10 replies)
I run a cryptography forum
Encryption doesn't hide data sizes unless you take extra steps
How exactly do you think encryption prevents the analysis of seeing when an encrypted message is sent? It feels like you're trying to hand-waive away by saying "encryption means you're good!"
Cyber security is not my thing, but my understanding is that you'd still see network traffic - you just wouldn't know what it says.
Here's a relevant stack exchange question. Regarding what an ISP can learn. Of note, everybody is ceding that the ISP can tell you're using signal, and they've moved on to whether or not they'd be able to fingerprint your usage patterns.
How are they analyzing network traffic with Signal? It's encrypted
Not my specialty, but signals end to end encryption is akin to sealing a letter. Nobody but the sender and the recipient can open that letter.
But you still gotta send it through the mail. That's the network traffic analysis that can be used.
Here's an example of why that could be bad.
For one, ease of access. Say you’re trying to break a story, who are you going to message with signal? Because you’re going to need to get that contact info somehow right?
Snowden is permanently stranded in Russia. That’s not exactly a great example of an anonymous source.
Say you’re trying to break a story, who are you going to message with signal?
...The Guardian?
Because you’re going to need to get that contact info somehow right?
Use your browser? These are strange questions.
Snowden is permanently stranded in Russia. That’s not exactly a great example of an anonymous source.
Did you notice that I used the past tense?
Messaging protocols already resemble the frameworks that come out from time to time. And their effectiveness is due to the fact that they require a certain quota of users.
It's just a secure messaging app with a direct line to Guardian journalists. How to use 911 or special numbers when you're not feeling well.
Yeah this is insanely good
Similar to other apps, CoverDrop only provides limited protection on smartphones that are fully compromised by malware, e.g., Pegasus, which can record the screen content and user actions.
The tech behind the tool conceals the fact that messaging is taking place at all. It makes the communication indistinguishable from data sent to and from the app by our millions of regular users.
Reminds me of how the Germans in WW1 knew they couldn't trust their diplomatic codes anymore so they just sent the important messages in the normal, innocuous telegraph system and diplomatic pouches. They knew that foreign intelligence would be focused on the bogus secure messages.
Horrible name sadly
If you want to blow the whistle on somebody and wonder if the Guardian is trustworthy I suggest you ask Julian Assange.
view more: next ›