ronsor38 minutes ago
From one Twitter user:
> It's just a demo instance, but, these front ends are barely revealed to the public
This genuinely doesn't look any different from the control panels of commercial infostealers and RATs sold on Russian hacking forums. Those usually sell for between $200 and $20,000 depending on features and pricing model (one-time vs. ongoing subscription).
These spyware companies hype themselves up, but they're really not any different from Ivan's RAT-as-a-Service, besides having extra exploits to burn and wealthier customers.
recursivecaveatan hour ago
This company btw for anyone else who had not heard of them before (there are a lot of companies by that name): https://en.wikipedia.org/wiki/Paragon_Solutions
phendrenad2an hour ago
It's too bad that "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized" has become "we can download a full copy of all of your files at any time, or continually, if we feel like it, even if we don't suspect you of a crime".
[deleted]an hour agocollapsed
phendrenad2an hour ago
Non-X link: https://archive.is/kqvnH
rtaylorgarlockan hour ago
Looks like image was removed and maybe only a demo?
moralestapiaan hour ago
Awesome.
Moxie's "unbreakable" end-to-end communication protocol.
thmsths43 minutes ago
The message can't be intercepted in transit, since we are talking about spyware, I assume they get it from the device, hard to defend against that if they have access to your process' memory space.
Hamuko42 minutes ago
Surprising that end-to-end encryption doesn't really matter when you get into one of the ends.
ASalazarMX31 minutes ago
Even if you had to input your private key every time you wanted to read or send a message, having malware in your phone voids practically any form of encryption, because it has to be decrypted eventually to be used.
akimbostrawman36 minutes ago
not at all. there is no encryption that can save you when one of the legitimate participants is somehow compromised. doesn't even need to be a sophisticated device compromise, literal shoulder surfing does that too.
moralestapia35 minutes ago
Thanks GPT, but that's exactly what GP was saying.
moralestapia41 minutes ago
>The message can't be intercepted in transit
Lol, so like ... all encryption schemes since the 70s?
sowbug31 minutes ago
They do have stronger schemes, which are called hash functions.
moralestapia29 minutes ago
What?
Hashing is not encrypting.
You can learn more about the topic here, https://www.okta.com/identity-101/hashing-vs-encryption/
sowbug13 minutes ago
> What?
> Hashing is not encrypting.
> You can learn more about the topic here, https://www.okta.com/identity-101/hashing-vs-encryption/
Thank you for that link. Your original comment implied that Signal's threat model should have included an attacker-controlled end. A hash function is an excellent solution to such a threat.
p-o16 minutes ago
Hashing is a part of encryption, maybe you are the one who needs to shore up on the topic?
aipatselarom11 minutes ago
Nice try. However, hashing and encryption are two different operations.
Load this page, https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
Ctrl-F "hash". No mention of it.
Before being pedantic at least check out the url in that comment to get the basics going.
Insanity43 minutes ago
How is this related?
moralestapia38 minutes ago
I see there's some room for ambiguity.