Anyone with a brain should already know these apps are not secure anyway.
WhatsApp has historically been the known number one app used infiltrate spyware onto phones globally. Google anything about *pegasus* software and it will tell you everything on that front.
When the UAE govt banned blackberry entirely from the country for failing to disclose their encryption keys … what apps kept working?
why do WhatsApp messages from the preponderance of reported evidence in so many court cases in the UAE? If the platform is secure and even the FBI can’t hack phone locks?
none of this makes sense until you realise these platforms ARE NOT SECURE.
I hate to be a conspiracy nut but this is all a smokescreen for something.
We had a person for lunch one Sunday (granddaughter of a friend of my MiL). She was yabbering on about some secure platforms and why we needed to ditch WhatsApp. Asked her, yeah, but everyone we know is on WhatsApp. So being on a supersecure platform to stop the Israelis reading whether or not I'll be 15 mins late to the boozer, but also having no-one receive my messages... Yeah. And if they know I need to pick up milk, that's cool too.
My point is that this move by these companies saying they will pull out of the UK due to this proposed legislation for these reasons… is just bullshit.
and the govt seeking these keys is also bullshit because this can already be done.. presumably they just don’t want to pay the Israeli license fees 🧐
Or have the Israelis know who they are spying on .. since it’s a PaaS system only…
Also if the carrier of the message is responsible for stopping child porn…
where is the same responsibility for the mail service? Do they need to check every litter for inappropriate images and crimes? What about email service providers? Does every email need to be checked?
what about every ISP that is used to access child porn? Do they need to monitor all downloads since they are the ‘carrier’?
Oh, I do care about privacy. And if I were a likely target of Pegasus, I'd WhatsApp my pals about social stuff and use BatFoneComz for my overthrowing repressive regimes. She was a young woman who had a series of temp jobs, but was cutting herself off from friends as she refused to WhatsApp because bad actors were reading her messages. WhatsApp is free and available and everyone uses it. And where I live, I'm more concerned about GCHQ than the Saudis.
Pegasus can probably read messages for the Saudi. This proposed legislation isnt a law. As things stand, I'm happy enough with the level privacy I have.
If the law changes, then I'll re-evaluate. But moving to a different platform to safeguard privacy, when no-one else is on it means there's no point. And if all platforms in the UK are impaired by the legislation, then we will all need enigma machines or some shizzle. Nite.
Also FYI Pegasus not only reads messages.. it uploads the entire contents of your phone, records all your calls and can turn your phone into a remotely activate surveillance device and sends all this information including your entire photo library to a server in Israel.
Scylla if you want to avoid the authorities and share your secret content without risk of legal consequences then you should look into getting an encrygma or similar.
Pegasus not only reads messages.. it uploads the entire contents of your phone, records all your calls and can turn your phone into a remotely activate surveillance device and sends all this information including your entire photo library to a server in [ ]
Don't most other apps people download vonlutarily also do this?
I don’t have secret content that I need to share … I’m just highlighting that these apps aren’t secure.. so this is a bullshit excuse to create legislation that further erodes privacy.
Pegasus does not in any way bust whatsapp’s end to end encryption.
Modern encryption tech is way ahead of code breaking tech. Quantum code breaking may change that in time although quantum encryption is possible too. But right now, encryption is formally unbustable, and these scenes in films where the Feds or CIA can decrypt anything in seconds are fantasy. To break even the basis encryption functionality offered by a five quid bit of freeware would take them ten centuries and more processing power than they could ever buy, same as anyone else.
UNLESS the gov has a back door into the software, of course, which is what whatsapp are resisting here, and they are absolutely right to.
Pegasus compromises the phone, The encryption on whatsapp and other comma apps is “end to end”. Once it’s reached your phone, a message has reached the end, and on your phone it’s not encrypted. So it can be read by spyware, Pegasus is just spyware - it’s not actually especially sophisticated, except for the subterfuge that has been employed getting it into the generally well guarded ios eco system
“Most people's "smart" home central heatitng thermostats are recording their conversations and uploading them to a server overseas.”
this is, of course, not correct, but I do refuse to have alexa in my house for related reasons
although your phone, if compromised, could in theory record you although my understanding is that it is very difficult in ios to get malware to activate physical device peripherals like camera or mic
People who think “they’re not watching me” - in truth, if Pegasus or similar is on your phone, then those using it probably are watching you at some level, ie they’re running everything ripped from your phone through an AI algorithm that red flags certain things for elevation. But it’s very very unlikely that any normal person living in a free democracy (or even Braverman’s Britain) is getting red flagged.
The other thing about these spyware programs, even the highly engineered ones, is that they rely on upload ie on network transmission, and this means that it would actually be fairly easy for the networks to shut them down. I bet Pegasus’ nasty little bursts of life-rinsing upload have, no matter how clever it’s developers think they are, a pretty distinctive footprint in terms of data usage. The networks could scan for it and shut it down. Why don’t they? Because government doesn’t want them to, hence this thread.
WhatsApp evidence has to be disclosed in court cases, that's why it's so common.
cf. the Wagatha Christie case where the lovely Becky Vardy and her equally attractive manager had to get rid of their WhatsApp conversations so they had an excuse for not disclosing them.
It's the compulsory third-party interference in WhatsApp security that's the issue here.
I lean in favour of the security; I don't doubt for a second that if they can't use WhatsApp then criminals will use something else.
As for Pegasus, it doesn't do anything that requires it to overmatch WhatsApp encryption. End to end encryption means just that; but Pegasus actually hijacks your entire phone, and therefore has access to the unencrypted versions of your WhatsApp conversations that are on your phone.
It's equivalent to not needing to jack into a home security system because you're watching the homeowner punch his code into the keypad over his shoulder.
In movies and so forth you often see a series of empty boxes on the screen which fill one by one as the decryption software works out what character goes in the box. It will usually take several seconds of screen time.
In reality it would happen so quickly it would apparently be immediate. This would be true even if there were like, a thousand boxes. CPUs carry out millions of instructions per second.
What actually happens is that you have to get all the boxes in one go. If you don't get it right, you have to try again with a different combination. Usually you only get a limited number of tries.
People should know this because even logging on to Windows requires you to get all the characters correct; if you get one wrong it will throw you out and make you do it all over again. And even in Windows if you make enough wrong guesses it will lock you out and you'll have to contact Microsoft to get back in.
My regular password has 21 characters - lowercase, uppercase, numbers and symbols. Using brute-force methods would take longer than the age of the universe to crack.
How it was created is this: take a song you know well. Take three or four lines of lyrics. You'll want at least twenty words. Take the first letter of each word. That's your underlying password. Have some letters as lowercase and some as upper. Take some of the letters and turn them into numbers - 1=l, 5=S, that sort of thing. Take other letters and turn them into symbols - !=1, @=a, $=s.
Eg: from Nancy Sinatra's Something stupid: ikisiluytyhtttsaewm
becomes
iki$ilUytyhttt5@aeWm
...and there's your base password.
Then, add letters as a prefix or suffix to denote the usage of that password,eg.
nfiki$ilUytyhttt5@aeWm for netflix
iki$ilUytyhttt5@aeWmgp for your doctor's website
which should keep you going until they discover how to make quantum computing work! Every time you need to use the password you just sing it in your head and the replacement characters soon get memorised.
0
0
Leave uk potentially
https://www.bbc.co.uk/news/technology-64863448
0
0
Lose your messages?
2
0
I don't blame them. It undermines their entire USP.
2
0
They are absolutely right to take the line they’re taking.
2
0
makes sense tbh
either you live in a society where the government has access to your communications, or you choose not to (if you can ofc)
they’re completely right to remove their services
0
0
Do 98% of people in this country really object to " "accredited technology" to identify and remove child-abuse material."
I have no problem with that whatsoever. I'll give up a bit of privacy to protect children from paedos.
I can't really be in a 2% minority with that view.
0
0
I agree.
0
0
that’s not actually what’s driving this ofc, and breaking whatsapp’s security cordon will have zero effect on peedos anyway
there are lots of good reasons for places to exist that are more or less totally beyond the reach of government
4
0
The UK Gov trying to find ways to monitor or shutdown the most effective mass protest organising channels on the internet isn't worrying at all.
Criminal pervs like Dettol will never find another way to share their double plate filth.
0
0
Reported
0
0
Nothing to hide, nothing to fear.
https://www.bloomberg.com/news/articles/2005-08-07/online-extra-big-bro…
0
0
This is lollersome.
Anyone with a brain should already know these apps are not secure anyway.
WhatsApp has historically been the known number one app used infiltrate spyware onto phones globally. Google anything about *pegasus* software and it will tell you everything on that front.
When the UAE govt banned blackberry entirely from the country for failing to disclose their encryption keys … what apps kept working?
why do WhatsApp messages from the preponderance of reported evidence in so many court cases in the UAE? If the platform is secure and even the FBI can’t hack phone locks?
none of this makes sense until you realise these platforms ARE NOT SECURE.
I hate to be a conspiracy nut but this is all a smokescreen for something.
0
0
https://amp.theguardian.com/news/2021/jul/18/what-is-pegasus-spyware-and-how-does-it-hack-phones
the UAE govt was a licensed user of this software.. their licence was terminated after someone got caught spying on a runaway wife’s lawyers with it…
https://www.business-humanrights.org/en/latest-news/uae-nso-terminates-contract-with-govt-following-court-ruling-pegasus-spyware-was-used-to-hack-dubai-rulers-ex-wife-incl-co-comment/
0
0
Same software was used on Jamal Khashoggis fiancés phone.
https://www.washingtonpost.com/investigations/interactive/2021/jamal-khashoggi-wife-fiancee-cellphone-hack/
0
0
We had a person for lunch one Sunday (granddaughter of a friend of my MiL). She was yabbering on about some secure platforms and why we needed to ditch WhatsApp. Asked her, yeah, but everyone we know is on WhatsApp. So being on a supersecure platform to stop the Israelis reading whether or not I'll be 15 mins late to the boozer, but also having no-one receive my messages... Yeah. And if they know I need to pick up milk, that's cool too.
0
0
That’s fine Jelly.
if you don’t care about privacy that’s up to you.
My point is that this move by these companies saying they will pull out of the UK due to this proposed legislation for these reasons… is just bullshit.
and the govt seeking these keys is also bullshit because this can already be done.. presumably they just don’t want to pay the Israeli license fees 🧐
Or have the Israelis know who they are spying on .. since it’s a PaaS system only…
0
0
Also if the carrier of the message is responsible for stopping child porn…
where is the same responsibility for the mail service? Do they need to check every litter for inappropriate images and crimes? What about email service providers? Does every email need to be checked?
what about every ISP that is used to access child porn? Do they need to monitor all downloads since they are the ‘carrier’?
all utter bullshit.
0
0
For the record I’m not against using technology to monitor and prosecute the crime of child porn.
I’m just saying it’s a bullshit excuse being used to justify this measure because anyone opposed to *child porn* must be a wrong un.
0
0
Oh, I do care about privacy. And if I were a likely target of Pegasus, I'd WhatsApp my pals about social stuff and use BatFoneComz for my overthrowing repressive regimes. She was a young woman who had a series of temp jobs, but was cutting herself off from friends as she refused to WhatsApp because bad actors were reading her messages. WhatsApp is free and available and everyone uses it. And where I live, I'm more concerned about GCHQ than the Saudis.
0
0
If you are more worried about GCHQ then you should be more worried about this proposed legislation.
0
0
I am.
0
0
Basically WhatsApp is secure enough for me. This makes it less secure, so nopes.
0
0
Ok. So I’m not sure how that fits with..
******
‘ I'll be 15 mins late to the boozer, but also having no-one receive my messages... Yeah. And if they know I need to pick up milk, that's cool too. ‘
0
0
Pegasus can probably read messages for the Saudi. This proposed legislation isnt a law. As things stand, I'm happy enough with the level privacy I have.
If the law changes, then I'll re-evaluate. But moving to a different platform to safeguard privacy, when no-one else is on it means there's no point. And if all platforms in the UK are impaired by the legislation, then we will all need enigma machines or some shizzle. Nite.
1
0
Thing is the further and further we allow such encroachments on our privacy because we don’t care about someone knowing we need milk..,
the harder and harder we make it for those attempting to resist tyranny (and there is plenty of that).
Control of communications is a key form of repression and control.
just ask China.
0
0
Also FYI Pegasus not only reads messages.. it uploads the entire contents of your phone, records all your calls and can turn your phone into a remotely activate surveillance device and sends all this information including your entire photo library to a server in Israel.
and it’s licensed to a whole range of countries….
just ask how Jeff Bezos dick picks got released…
0
0
Scylla if you want to avoid the authorities and share your secret content without risk of legal consequences then you should look into getting an encrygma or similar.
0
0
Don't most other apps people download vonlutarily also do this?
0
0
Most people's "smart" home central heatitng thermostats are recording their conversations and uploading them to a server overseas.
0
0
https://www.amazon.co.uk/Surveillance-society-Monitoring-Everyday-Socie…
0
0
Lol, that was not the link. Twenty years later....
https://www.amazon.co.uk/Age-Surveillance-Capitalism-Future-Frontier/dp…
1
0
I don’t have secret content that I need to share … I’m just highlighting that these apps aren’t secure.. so this is a bullshit excuse to create legislation that further erodes privacy.
1
0
I also don’t have any Alexa type whiz .. or smart home devices.
and I avoid downloading any apps that aren’t essential.
1
0
As for smart home heating… the day they build a robot that can light my wood fire and add wood to it.. I might think about it.
1
0
Bonus points if it also cuts the wood.
0
0
I can do that Dave.
0
0
“Reported”
I unreported it
1
0
Pegasus does not in any way bust whatsapp’s end to end encryption.
Modern encryption tech is way ahead of code breaking tech. Quantum code breaking may change that in time although quantum encryption is possible too. But right now, encryption is formally unbustable, and these scenes in films where the Feds or CIA can decrypt anything in seconds are fantasy. To break even the basis encryption functionality offered by a five quid bit of freeware would take them ten centuries and more processing power than they could ever buy, same as anyone else.
UNLESS the gov has a back door into the software, of course, which is what whatsapp are resisting here, and they are absolutely right to.
Pegasus compromises the phone, The encryption on whatsapp and other comma apps is “end to end”. Once it’s reached your phone, a message has reached the end, and on your phone it’s not encrypted. So it can be read by spyware, Pegasus is just spyware - it’s not actually especially sophisticated, except for the subterfuge that has been employed getting it into the generally well guarded ios eco system
0
0
Pegasus is a good reason to change your phone every 2yrs tho. Although the idea that it’s on everyone’s phone is BS, it is not in retail distribution.
0
0
“Most people's "smart" home central heatitng thermostats are recording their conversations and uploading them to a server overseas.”
this is, of course, not correct, but I do refuse to have alexa in my house for related reasons
although your phone, if compromised, could in theory record you although my understanding is that it is very difficult in ios to get malware to activate physical device peripherals like camera or mic
0
0
although when I say “that’s my understanding”, this is based solely on what bloke down pub said
0
0
Lol. Anyone on here worrying about any of this for their personal lives has a very inflated sense of their own importance.
response: have you seen rof?
mossad: can you please remind me to buy spread at waitrose on Saturday. Ta muchly
0
0
People who think “they’re not watching me” - in truth, if Pegasus or similar is on your phone, then those using it probably are watching you at some level, ie they’re running everything ripped from your phone through an AI algorithm that red flags certain things for elevation. But it’s very very unlikely that any normal person living in a free democracy (or even Braverman’s Britain) is getting red flagged.
The other thing about these spyware programs, even the highly engineered ones, is that they rely on upload ie on network transmission, and this means that it would actually be fairly easy for the networks to shut them down. I bet Pegasus’ nasty little bursts of life-rinsing upload have, no matter how clever it’s developers think they are, a pretty distinctive footprint in terms of data usage. The networks could scan for it and shut it down. Why don’t they? Because government doesn’t want them to, hence this thread.
0
0
I don give a flying fug about privacy. Quite happy to have Alexa and the like in my house. I'm not a conspiracy nutcase so that helps
0
0
Wouldn't worry about GCHQ. It doesn't have the funding to do all the stuff it needs to do, let alone snooping on random private citizens.
0
0
Why would you deal with a fence by 'digging round the end of it'?
You might dig underneath it, or walk around the end, but there's no point in doing both.
0
0
WhatsApp evidence has to be disclosed in court cases, that's why it's so common.
cf. the Wagatha Christie case where the lovely Becky Vardy and her equally attractive manager had to get rid of their WhatsApp conversations so they had an excuse for not disclosing them.
It's the compulsory third-party interference in WhatsApp security that's the issue here.
I lean in favour of the security; I don't doubt for a second that if they can't use WhatsApp then criminals will use something else.
0
0
As for Pegasus, it doesn't do anything that requires it to overmatch WhatsApp encryption. End to end encryption means just that; but Pegasus actually hijacks your entire phone, and therefore has access to the unencrypted versions of your WhatsApp conversations that are on your phone.
It's equivalent to not needing to jack into a home security system because you're watching the homeowner punch his code into the keypad over his shoulder.
0
0
@SirWoke: exactamundo
In movies and so forth you often see a series of empty boxes on the screen which fill one by one as the decryption software works out what character goes in the box. It will usually take several seconds of screen time.
In reality it would happen so quickly it would apparently be immediate. This would be true even if there were like, a thousand boxes. CPUs carry out millions of instructions per second.
What actually happens is that you have to get all the boxes in one go. If you don't get it right, you have to try again with a different combination. Usually you only get a limited number of tries.
People should know this because even logging on to Windows requires you to get all the characters correct; if you get one wrong it will throw you out and make you do it all over again. And even in Windows if you make enough wrong guesses it will lock you out and you'll have to contact Microsoft to get back in.
My regular password has 21 characters - lowercase, uppercase, numbers and symbols. Using brute-force methods would take longer than the age of the universe to crack.
How it was created is this: take a song you know well. Take three or four lines of lyrics. You'll want at least twenty words. Take the first letter of each word. That's your underlying password. Have some letters as lowercase and some as upper. Take some of the letters and turn them into numbers - 1=l, 5=S, that sort of thing. Take other letters and turn them into symbols - !=1, @=a, $=s.
Eg: from Nancy Sinatra's Something stupid: ikisiluytyhtttsaewm
becomes
...and there's your base password.
Then, add letters as a prefix or suffix to denote the usage of that password,eg.
which should keep you going until they discover how to make quantum computing work! Every time you need to use the password you just sing it in your head and the replacement characters soon get memorised.
If anyone finds that useful, that's great.
0
0
18 characters no complexity is all you need
Ilovewatchingbirdsplay
For example. Piece of piss to remember and uncrackable
Join the discussion