Pavel Durov Arrested France

After seeing something like this, I’d say if you really want secure comms, just meet your business partner in a sauna. Of course, only if your threat model permits. ;-)
Very good advice, it's really the only way for sensitive talks.
 
If I would need safety, I would never ever engage Cyber-security experts nor auditors :cool: Too much confidential information exposure to external persons without leverage and balance.
That's a valid point. The risks associated with engaging (most) external cybersecurity experts or auditors are huge, particularly when it comes to red team exercises. The probability of sensitive information leaking is considerable, and many organizations often fail to implement recommended security measures promptly.
Somebody was disloyal and others were overconfident in complex phrases that were compensating for their lack of comprehension and a fear of failure.
In this particular incident, the IT environment was compromised elsewhere, and the attackers employed a series of sophisticated techniques and exploits to reach their target. The method they used to infiltrate the R&D networks is quite amusing, as it involved an attack vector that hadn't been considered in their security planning.
There is a seriously good program from an Israeli vendor regarding perky microphones for, let's say, less hospitable and extreme environments.
Indeed, the attack was attributed to a threat actor known for utilizing such advanced approaches. Given the value of the intellectual property at stake, their efforts were justified. This highlights why I emphasize the importance of threat modeling. Defending against these adversaries is an uphill battle, as they combine human intelligence, signals intelligence, and cyber tactics.

You're right about the sauna strategy losing effectiveness once it becomes common knowledge. However, it does complicate matters for any potential "partner" attempting to wear a wire. :p
At least you know that safety can be achieved across spectrum.
Absolutely! While they managed to access sensitive information, they couldn't exfiltrate the most critical data. Their detection was also relatively quick. As mentioned, the organization had a mature security posture, and I'm certain they've further enhanced their defenses since this incident. A common issue I've observed is that many organizations/individuals focus solely on technical solutions without addressing security holistically across all aspects of their operations.
 
Google Japanese privacy laws
It doesn't matter, they will share information in a blink of an eye.

5 eyes alliance:

Several countries have been prospective members of the Five Eyes. Israel,[104] Singapore, South Korea,[105] and Japan have collaborated or continue to collaborate with the alliance, though none are formally members
 
See: LINE Corporation's Compliance with Applicable Laws | LINE Corporation | Security & Privacy

Line app is encrypted client side FYI between all counterparties unique

All requests have to go through Japanese Justice Processes (LINE Transparency Report - LINE Corporation)

- See US, UK etc in:

Disclosure Requests


Also
Responding to Law Enforcement Agencies | LINE Corporation | Security & Privacy
https://linecorp.com/en/security/article/291

What it shows is that privacy is baked into the app, but also the law, so for legal use cases where privacy is the main concern you are better off using, say, Line than, say, Messenger.

Likewise criminals unfortunately use due to that.
 
LINE

・ Registered account data (profile image, display name, email address, phone number, LINE ID, date of registration, etc.)

・ Communication history of specified users (message delivery date, IP address of sender, port number of sender)*

*There is no disclosure through Investigation-Related Inquiry

・ Specified users' text chats**

**Only when end-to-end encryption has not been applied (if end-to-end encryption has been enabled, we cannot decrypt/extract the contents of text chats, so no disclosure of the contents of text chats is possible). End-to-end encryption is applied by default since July 1, 2016. For more details, please see Data Security.

**Even if unencrypted text chats are disclosed, as per our policy, only up to seven days of text chats will be disclosed.

**Only when receiving an effective warrant issued by the court.

**Video / picture / files / location information / phone call audio and other such data will not be disclosed.

https://linecorp.com/en/security/encryption/2022h1
Line is closed source so it's impossible to tell if they have any backdoors or if it's safe.
True

 
I think that with this whole arrest case one could see a parallel with crypto. Pseudo-decentralized ones have a pronounced leader (like V. Buterin in ethereum) whereas truly decentralized ones like bitcoin do not - Satoshi cannot be arrested because nobody can find him :)

A real anonymous messenger shouldn't have a publicly known director/leader (call it as you like), it should be distributed, open-source and governed by the community.

There are things like tox out there, but not many people are using it because indeed it is less convenient than telegram. So there is always a tradeoff when you try to balance true anonymity and day-to-day convenience.
 
That's a really good discussion you have going here, but how are Line, Tox, Messenger connected with Telegram? I can't quite understand the connection. Are they all owned by the same person, namely Pavel Durov?
 

This is related to Telegram and Mr Durov

https://www.europol.europa.eu/media...akes-down-new-criminal-communication-platform
as it erodes the fundamental liberties and rights.

The crucial narrative that is created is

Europol and its partners continue to prioritise the fight against encrypted communication technologies used by criminals, while also advocating for a balanced approach that respects privacy rights and upholds legal standards.

Private companies that wish to ensure their services are used in compliance with the law also have an important role to play. They must ensure that their platforms are not safe havens for criminals and should provide mechanisms for lawful data access under judicial oversight and in full respect of fundamental rights.

Law enforcement needs access to communications among suspects to combat serious crimes. This can coexist with privacy protection, while cybersecurity is guaranteed and strong legal safeguards and oversight are in place


There is no mechanism that protects the security and privacy of communication and allows government access for surveillance. Cyber-security isn't guaranteed and legal norms are as strong as people's ethics are.
 
One of the reasons I started to feel uncomfortable having a secure email service available to the public (as a company) was the terror attacks in Europe (I believe Paris) - I am a firm believer in privacy but I will admit it kept me up at night in cold sweats - most if not all of the user base based on the social media content we could glean was Latin America at the time.

In 2018 I created a new method for secure private data storage which I realized in doing so was the perfect string broadcaster / or messenger solution basically everywhere but nowhere, Wally amongst the crowds, non discernible as detectable.

At the time we used it in system for the AIs to communicate but closed the front end where anyone could use as it was a novel solution and not widespread or read

I then did a paper and submitted it as a hypothetical to MI5, FBI and the US Senate via a moniker - real concern at the ease and the power of the solution should a terrorist come to the same idea/solution

Fortunately they continue to instead use services or devices

And my brothers keep sending them Shalom mother fucker messages in return
 
I think it’s better to avoid carrying any electronics at all. The fact is, you can’t really trust any manufacturer of electronic devices used for communication on this planet.
The enemy of my enemy (i.e., my oppressor by outnumbering me) is my lifelong friend and trusted partner! This shared mentality/strategy has worked for me and others personally for over 40 years!
It also worked for the OGs, mostly WASPs and Jewish (RIP), who passed down this wisdom to me and others (who were also deprogrammed NOT to be offended and hurt by it through cognitive dissonance) for over 90 years (that I know of - I inherited the diaries of all the OGs). That's +130 years of "insider's knowledge."

The ABSOLUTE SHOCKING truth on this forum for me has been that there are a few guys here who are aware of this:
If you don't want to be spied by the US, EU or any western country it's the best solution to use China tech.

Or Russian
@wellington ALREADY mentioned Chinese tech (several times) as an antidote! It was NOT lost on me! ;)

A few other members know this but are a bit more reticent about it. ;)

I mentioned it here: Does Stripe have the right to hold your funds forever ?

and also here: Pavel Durov Arrested France

This is BATTLE-FIELD TESTED! I put this on the battlefield against the US DOJ in a grand jury and jury trial! They got d1ck! They admitted they got d1ck! They were hoping their buddy, my defense attorney, their former colleague at the DOJ would throw me under the bus, but I fired him as soon as the trial started, so they had NO WAY to recoup!
In a more gruesome example of Machiavellianism, we skydived out of the plane, and I made sure my defense attorney's parachute was not working!

It's called "trial by AMBUSH!"

PS. The fact that people BELIEVE their oppressors that the oppressors' enemies are evil...is just mind-boggling to me!
Does anyone know a study about this? @JohnnyDoe, do you know how this happens? How can people fall for such BS? :rolleyes: