gigadadzJan 7, 2025

Kinda sus...

https://lemmy.world/post/23969232

Kinda sus... - Lemmy.World

The NSA, the original primary developer of SELinux, released the first version to the open source development community under the GNU GPL on December 22, 2000.[6] The software was merged into the mainline Linux kernel 2.6.0-test3, released on 8 August 2003. Other significant contributors include Red Hat, Network Associates, Secure Computing Corporation, Tresys Technology, and Trusted Computer Solutions. https://en.wikipedia.org/wiki/Security-Enhanced_Linux [https://en.wikipedia.org/wiki/Security-Enhanced_Linux]

Show threadonlinepersona

Wasn’t Signal messenger also funded by the NSA+DARPA? And TOR too?

Anti Commercial-AI license

Deed - Attribution-NonCommercial-ShareAlike 4.0 International - Creative Commons

Jan 7, 2025 at 10:41amWeb
Show threadMajorHavocJan 7, 2025

Signal is weird about actually allowing others to reproduce the APK builds.

Specifically, they are the kind of weird about it that one would expect if it had an NSA back-door injected at build time.

This doesn’t prove anything. It just stands next to anything and waggles it’s eyebrows meaningfully.

Request: Google Play signed download alternative · Issue #127 · signalapp/Signal-Android

I was about to suggest this before reading the infamous issue 53. It is sad to see that FDroid and WhisperSystems could not work together, I truly enjoy both projects. Needless to say a google alte...

GitHub
Show threadkaduJan 7, 2025

There was a “ultra private” messaging app that was actually created by a US state agency to catch the shady people who would desire to use an app promising absolute privacy. Operation “Trojan Shield”.

The FBI created a company called ANOM and sold a “de-Googled ultra private smartphone” and a messaging app that “encrypts everything” when actually the device and the app logged the absolute shit out of the users, catching all sorts of criminal activity.

Show threadSnot FlickermanJan 7, 2025
The fact that it is a paid product should have been their first clue it was a honeypot.
Show threadFooBarringtonJan 7, 2025
Do you have more recent information by Signal on the topic? The GitHub issue you linked is actually concerned with publicly hosting APKs. They also seem to have been offering reproducible builds for a good while, though it’s currently broken according to a recent issue.
Show threadMajorHavocJan 7, 2025

I had a hard time choosing a link. Searching GitHub for “F-Droid” reveals a long convoluted back-and-forth about meeting F-Droid’s requirements for reproducible builds. Signal is not, as of earlier today, listed on F-Droid.

F-Droid’s reproducibility rules are meant to cut out the kind of shenanigans that would be necessary to hide a back door in the binaries.

Again, this isn’t proof. But it’s beyond fishy for an open source security tool.

Show threadxorJan 7, 2025
no. and tor was originally funded by the navy…
….