Remember that most hacking is not done by breaking encryption and running code. It’s %100 social engineering. The weakest point is always a person.
Most activism groups aren’t really screening for membership.
Usually it’s, “you want to join ? Cool, I’ll add you.”
Edit: Just read the article. They went out of their way to try to make it sound like this group was up to something other than legally show up to immigrant court and keep watch for heinous police behavior.
The memo did not provide any further details about the individual or their alleged past calls for violence and offered no specifics or evidence to explain why the FBI characterized them as “anarchist violent extremists”. The courtwatch efforts have been non-violent, and the FBI did not respond to an inquiry seeking specific examples of violence and did not answer questions about whether law enforcement had ongoing access to the private group.
Oh so it’s an activist group that’s doing valuable work but has no need to background check for security. Makes sense, basically every activist or political group is on signal these days.
Imagine saying “Feds should follow the law” is an extreme anarchist statement.
It becomes one every anti left scare (red, but also green and lavender)
I guess “FBI infiltrated group of immigration activist” would be boring and not fitting the FUD about encrypted messaging…
Wouldn’t be surprised if they went undercover as a member and was just accepted to the group.
Lowest barrier to entry
My guess as well. Historically, the FBI has spent substantial resources infiltrating groups deemed even the smallest threat to state power.
The FBI’s report from August, prepared by its New York division, does not make clear how the bureau accessed the Signal group
The question I’m most curious to have answered
Sounds like they joined a large group chat as a member
The FBI, the documents show, gained access to conversations in a “courtwatch” Signal group that helps coordinate volunteer activists who monitor public proceedings at three New York federal immigration courts. The US government has repeatedly been accused of violating immigrants’ due process rights at those courts.
I’ve always felt like Signal isn’t half as secure as it claims to be, and articles like this don’t help that feeling…
Why’s that exactly… who’s not to say they just joined the huge group undercover? Or randomly added to a sensitive group aka the journalist debacle a few months ago.
I’m literally just talking, giving an opinion. Nothing was that fucking deep, just talking about my feelings about how a supposedly secure encrypted website was infiltrated by the motherfucking FBI…
And I’m downvoted? Fucking why? Every day Lemmy gets a little more like Reddit. Shit like this is why the numbers go down. Just spread that negativity—make everyone feel like shit.
Downvote this while you’re at it! Fuck yall!
Many subscribe to the “vote on comments based on how useful the information is” theory, myself included. Based on that your feeling, despite how valuable it is to you personally, isn’t particularly valuable to the discussion. Its not personal.
Your feelings and opinion are wrong in this case.
They could mislead people into sharing your opinion/feeling and then you’d both be wrong.
You’re getting downvoted because you’re wrong and are contributing the opposite of a benefit to a conversation around the security of signal without any facts or proof other than your “gut”.
That is not upvote worthy. People are correct to downvote your comment to let others know that they shouldn’t take it with any degree of seriousness. That’s how this works. That’s how the whole comment voting system is supposed to work.
Your feelings are not special when they muddy the waters of facts.
It’s as secure as it can be in the modern world really.
But none of the technology matters if you let an FBI agent into your super secure encrypted group chat.
why is this downvoted? its not even that wild a comment. Signal fans need to chill a bit.
because it’s completely unsubstantiated bullshit?
why would anyone upvote “someone’s feelings” on a technical subject?
this is a technology we’re talking about: there is an objective right and wrong, feelings are irrelevant. especially when those feelings are completely baseless.
the better question is: why would anyone upvote this garbage?
I don’t know who still needs to hear this, so I’m going to say it again for the people in the back.
Assume every form of communication you have is being spied on.
If you’re using an app like signal or similar, make sure you and everyone else in the chat has encryption enabled.
Verify the other users in the chat.
Do not plan any activity that could be considered a criminal enterprise on an electronic device with a connection to the internet.
This had nothing to do with encryption. 99.99% of breaches aren’t some pen hack, it’s social engineering of someone to gain access. You have all the best software and practices in place, but if the dumbass on the fourth floor decides that they’re gonna let someone in who’s called them from Microsoft, then it doesn’t matter.
They let the FBI into the chat because they don’t know opsec for shit.
I agree that you’re right. My thought was it was more likely that they socially engineered their way into getting invited to the chat.
This is why I said that a lot of people are the weakest link in their own secured communications networks.
If you’re using an app like signal or similar, make sure you and everyone else in the chat has encryption enabled.
PSA: There’s no way to disable encryption in Signal.
That’s why I said an app like signal. People assume that every app works the same. Telegram had issues with encryption where all parties didn’t have encryption enabled but one or more of the parties involved assumed the chat was still encrypted.
However I should probably change that to read more along the lines of: know the features and settings of your app and ensure that encryption settings are set to maximize the protection of privacy.
I’m gonna have to workshop that. It’s a mouthful.
Either way, thank you for pointing that out.
deleted by creator
I just got downvoted in the comments above for basically having the EXACT same sentiment. I fucking hate it here.
The difference is they gave solid sound advice on opsec, and your comment seemed more in line with distrusting signal’s tech. One of these comments makes sense, the other doesn’t.
Just don’t care about down votes.
Yeah. I dunno man. I’m sorry.
But like. A lot of the time security/privacy fails like this are user-inflicted. Either because people don’t understand the apps and services they use, or because other people aren’t as vigilant about auditing their networks (the people, the hardware the software).
Fair point!
deleted by creator
Shocking revelation.
