badwolf4d ago
Element

The latest Signal and WhatsApp breaches targeting German and Dutch government officials prove that consumer apps have no place in government.

❌ As European governments pursue digitally sovereign strategies, they should take the next step: Ban the use of consumer apps like Signal and WhatsApp for government-related conversations.

Secure government communications need infrastructure designed for the public sector - not repurposed consumer tools.

https://element.io/blog/latest-signal-and-whatsapp-breaches-show-that-consumer-apps-have-no-place-in-government/

Latest Signal and WhatsApp breaches show that consumer apps have no place in government

On Monday the General Dutch ⁠Intelligence Agency (AIVD) and Dutch Military Intelligence and Security Service (MIVD) announced a sustained Russian-backed campaign targeting Signal and WhatsApp users.  It follows a similar warning in February, from Germany’s Domestic Intelligence Agency (BfV) and Federal Cybersecurity Office (BSI). The attacks are based on

Element Blog
Mar 11 at 9:16amWeb
Show threadGianmarco GargiuloMar 11
@element how is it a breach if it's social engineering?
Show threadSilver OwlMar 11

@gianmarcogg03 @element Cybersecurity involves much more than just secure communication, i.e. end-to-end encryption. If confidential data is leaked, then that would be a security breach. Security services generally try to compromise your device, either through backdoors or malware, and read the decrypted messages directly. However, social engineering is often easier, especially if organisations do not provide additional security measures and training.

https://en.wikipedia.org/wiki/Information_security

Information security - Wikipedia

Show threadDan  Mar 12

@SilverOwl
None of what you say is false, strictly speaking, but the described incident still does not constitute a "breach" of signal or whatsapp.

(also, what is the point of vaguely gesturing at that wikipedia article for information security? do you think part of it supports your point?)
@gianmarcogg03 @element

Show threadhaui ☭ 🇵🇸Mar 11

@element
I use matrix extensively but saying signal was breached reads like disinfo. Information so far suggests that people were targeted by phishing which is not a platform flaw.

Dont get me wrong: signal has its flaws but for activist work it is fantastic because it works A LOT more streamlined than element ever has or will. There's a reason I only suggest fluffychat.

Lets work on actually making element equally usable to signal instead of tearing it down. This only serves surveillance.

Show threadGert, ZL2AW 🇳🇿Mar 11

@haui @element
Have you heard of #deltachat
Might be another tool for communication
This one will impress you !! Promise 🙂

https://delta.chat/en/download

Delta Chat: Get Delta Chat

The desktop versions do not require Delta Chat to be installed on a phone. Changelogs & More Changelogs: Desktop, Android, iOS, Core Alternative Clients Provider Database Verify Downloads D...

Show threadRumo Mar 11

@haui

That's why Element wrote about the difference between "consumer apps" and "government-related conversations."
Threema would also have something like that, but as far as I know, Signal does not.
This was already a problem in the US, where a journalist was invited to join a group of ministers and received confidential information.

Like you, I hope that in the future there will also be [matrix] messengers that are as easy to use as Signal.

Show threadRumo Mar 11

I don't see any major obstacles to this.
I can even see something better than Signal: you don't need a phone number and you can create an unlimited number of anonymous accounts (which will hopefully remain the case).

The more users, companies, developers, donations, and funding there are from and for [matrix], the better and faster the development will be.

Show threadcatraxx Mar 11
@element This was not a breach, it was Phishing, your App would not have prevented this attack. Stop spreading misinformation.
Show threadJenny (public node) Mar 12
@catraxx To be fair their app would have prevented any information from being leaked, as Matrix is too broken and unusable for any information to have been shared over it in the first place.
@element
Show threadadvokattMar 11
@element breach? that's too far of a strech
Show threadپویان Pouyan Mar 11
@km I absolutely loathe companies smearing their competition.

@element
Show threadpyro gamingMar 12
when are you going to make your shit with proper moderation tools and actually working encryption
Show threadDevourerMar 12

@m000gletje @element considering that some security vulnerabilities were disclosed in 2017 and have yet to be fixed, I'm assuming the answer to that is "never"

If anything, governments specifically SHOULDN'T use a known buggy and broken software like Matrix

Show threadMaRina 🌻Mar 12
fix your piece of crap of software @element
Show threadd@nny disc@ mc²Mar 12
@element ngl this is pretty washed up
Show threadEndlessMasonMar 12
@element
A breach, you know, like when somebody gets tricked into adding a bad guy to a chat
Show threadfat synths at the functionMar 12
@element twin the matrix ecosystem sucks doodoo and there's zero moderation tools and barely functioning encryption . this ain't even right u got NO say 😭🙏