thetraveller1

They are now allowed to use violence here for FaceId and fingerprint unlock. Which is why I always make sure I use lookdown mode before putting my phone away.

. They never asked for my passcode because they probably knew my answer would be "I dont remember my password".

    Nuttso Symmetric encryption is quantum safe. Asymmetric encryption not. This is why we try really hard to get funding for molly to implement a quantum safe algorithm.

    Thought I sent a reply about last replies, guess it didn't.. I don't think AES with a good enough key size is weak by any means, I just think:

    • Science can be very unpredictable sometimes
    • Most people wont go out of their way to target the encryption, but the systems that make the encryption possible. While I think this is completely miniscule of a risk for a securely designed system like Pixels, all about time, budget and interest.

    I would love to see Kyber or other NIST PQ algorithms get tried out in messaging applications soon. I'm not much into the quantum/science stuff though so I can't comment.

    zzz There are many players in the academic-industrial-military complex overhyping its imminence in the pursuit of investment / grant money.

    As someone in there this is true. Too much obsession with commercial trends, and creating useless solutions from a lot of junk put together (eg. Blockchain technologies + something like Childcare).

    V1king They are now allowed to use violence here for FaceId and fingerprint unlock.

    Personally if I was at risk of violence I'd only use GrapheneOS + everything on a profile so I can delete that profile during a tough time, although I'm not at risk of either so maybe I can't think of any better plan.

      V1king I reinstalled the OS and verified that nothing was tampered with and all is good.

      For the Pixel the auditor app and the remote attestation service are supposed to warn you when the phone get tampered. You don't use them ?

      You verified that nothing was tampered after new OS install ? In case of hardware tampered, fresh GOS and attestation install not sure if the auditor and attestation service will detect this.

      It's unfortunate that people that are educated on privacy and value their privacy from "big tech", that software like GrapheneOS is known outside of the privacy community as used by "criminals" or "hackers", etc..

        The ignorant are ruled by their perceptions.

        Everything is used by criminals, and laws only stop those honest enough to obey them.

        spiral Honestly, I don't know what GOS stands for, so I am not sure how to take that response. My response was very neutral and my true feelings on the subject. My apologies if I have offended you.

          zeroNULLvoid it's unfortunate that people have to break the law so we could gain equal rights for everyone on this planet. The war on drugs is a joke. The only solution is legalization of every substance. Nothing else will change what is happening now. As long as this doesn't change. Criminals will use gos or similar.

          And having high ranking criminals use grapheneos is the best that can happen to grapheneos. Free forensic and penetrating testing against the OS.

          6 months later

          Nuttso

          Europol sent packages to their partner countries of skyecc hacks and evidence.
          In one of the packages it could be seen how the hack was done because they sent more than just raw transcripts. I emailed the evidence to the owner of crimesit- he was astonished, said he would publish, but never did. Which i find weird. It was a pretty sophisticated method with cooperation by the network provider and the server hosting company. Def was not like sky owner claimed that they sold already rigged phones to customers and that users who have original phones are safe.
          Also it was not a virus like in the encro case.
          I will give you a hint that Location was extracted by simply reading the apn of the cellular provider. So stupid and simple.
          Only mystery was if they could read all the messages or only the ones on those particular servers that they seized. Sky was said to have 5 servers and 2 of those were seized.
          Somebody more tech savy maybe can answer the q since i am not aware how servers and users are dispersed.
          The same hack can be replicated on all centralized servers, so the question is just if its different scenario with signal because of US legislation, because its broadly used or its just a matter of time…
          Until then i stay away from apps with centralized servers.

            Dangor Mail me the stuff. Afaik they compromised the signing key. End to end encryption isn't breakable if you compromise the server. You make it sound like they only needed access to the servers. They can hack all the signal/Amazon servers. They won't decrypt any messages. Implementing end to end is easy now days. Law enforcement has encrypted messages of sky. And they have way more messages than encrochat. So there must be more than the telcos assistance and the server providers.

            Mail me the documents. We will publish them.

              Nuttso They have used a emulator attack.
              First scanned the server of sky. Step 2 Cloned the server of sky, set up in a nearby location a server with the same configuration practically a clone server. With the assistance of the providers just redirected(duplicated) the traffic, so just mimicked the original server and its functions. Here only unknown to me is if they were getting the messages unencrypted or encrypted. I would say somehow before encryption because its hard to break 512 eclyptical encryption.
              Seizing the sky server was just a charade.
              Sky was surely operating on multiple servers due to the fact that even after seizing they continued operating for few days, so mystery 2 is if they seized all users messages or only users connected to the server in france.
              I never heard nobody arrested in Uk, south america or any other region besides europe.
              Send on what email?
              P.s: btw who says sky had encryption? The owner? It was not open sourced so we have no idea maybe was just a stupid app with a lot of marketing pump.

                Nuttso You should give him your email because if he uploads it to privnote and shares the link here someone will already click on it and destroy the note.

                  • [deleted]

                  • Edited

                  final I would love to see Kyber or other NIST PQ algorithms get tried out in messaging applications soon.

                  There seems to be a lot of opposition to Kyber by D. J. Bernstein, Who's the Designer of Chacha20. He even wrote a article named "Debunking NIST's calculation of the Kyber-512 security level". Also, I think we're being too much off-topic, so maybe we should create another thread for this?

                  GrapheneLover I don't have a disposable email right now @Dangor upload the link to another host. If you want to make it public. If you want me to censor it prior to making it public give me some time or email it my lawyer.

                  info@andremiegel.de

                  He will share it with me and my other lawyer who is the chairman of all crime lawyers. But can't share his personal mail here

                    See this is an old thread brought back to life. OP did not state what country and how long the police had his phones. In the U.S. the police need a search warrant signed by a judge to search your phones. Also, they tend not to return them if they have probable cause (which is required for a search warrant) if they can't get the data they want from the phone. Even if they get the data, they will hold the phone for a while because if the data shows anything criminal, they will keep the phone as evidence.

                    Nuttso a free Protonmail made in minutes isn't secure enough for this?

                    You said "we gonna published it" in answer to Crimesite doesnt. Who or where is "we" so we the GrapheneOS Discussion Forum Members like me in particularly who interested as well can read this.

                    Thank you in advance, both of you!

                    In the Netherlands some judges do ask law enforcement how they got all the Sky and Encro data in answer to the defence lawyers who claimed the way wasn't legal. I heard, heard not speculate but also no fact, the dutch police did succeeded this operation because of the help or of the purchase hardware/ software from NSO group in Israel. Because NSO group work(ed) with countries/ organizations know as terrorists it is illegal for The Netherlands to do business with this company. They solved this "problem" and made it legally by "give" the data to France (not public!) who give it back to The Netherlands so it (the way took data from Sky and Encro users) was done by France and not The Netherlands. The official statement dutch law enforcement made was that they worked together with France. Now their evidence was "legal" and they used many times in court the excuse they "don't know how" in answer to a judge who ask about. Funny part France did say it was The Netherlands and not France who lead the operation. Some Sky/ Encro users are already convicted and in jail for by judges, some judges didn't go with the story and let the suspects go free, last time law enforcement made the statement by telling all judges the data is legal and must be used as evidence against the suspects. The response from defence lawyers are that all data need to be given so the defence could use it the same way law enforcement do. Now law enforcement is "black" all text in data what could help the suspects their innocent.
                    Know this is just one example for how governments do operate must be a huge concern to society. Not only to the suspects, who are called "criminals" but those who cross the law wearing a uniform or badge and walk away with this are the real criminals.
                    So if there is evidence to back-up this what I have been heard, it would be nice to see where it is published and helpfully to others.