As promised, here is the technical audit of Signal (v8.3.4) and Wire (v4.21.0) using the GAMA v1.0 methodology. Analysis is strictly based on evidence from production binaries (DEX, ELF, Smali).Key Findings:Post-Quantum: Signal uses a continuous PQ-ratchet (ML-KEM1024). Wire implements a hybrid KEM (Kyber768 Draft) in MLS setup.Metadata: Signal's Sealed Sender v2 obfuscates the social graph. Wire's architecture prioritizes enterprise federation over metadata hiding.Telemetry: Detected a Firebase Measurement Connector bridge in Wire's production build.Integrity: Binary evidence of Signal’s SVR2 Noise channel for SGX-backed PIN recovery.I have also corrected material errors from my preliminary notes regarding SQLCipher and PQC in Wire. This is an objective look at architectural trade-offs.Feedback and peer review are welcome to improve the GAMA framework.Full Report:
https://blackcodeitalia.wordpress.com/2026/03/22/comparative-binary-analysis-of-signal-8-3-4-and-wire-4-21-0-a-gama-v1-0-perspective/

for gama methods availabile on my github repository

#Infosec #Signal #Wire #SignalApp #WireApp #Cybersecurity #BinaryAnalysis #GAMA #PostQuantum #Privacy

Static + dynamic analysis of Signal's APK. The good news first: Signal is genuinely exceptional.

Rust core (libsignal_jni.so), post-quantum hybrid Double Ratchet (Kyber-1024 + X25519), Direct ByteBuffers with immediate zeroing after PIN/username hashing, Intel SGX attestation for SVR — MREnclave verification means even a compromised Signal server can't extract your PIN hash.

But two things stood out:

1. Firebase is always there. Google receives IP + notification timestamps regardless of message content. If you need metadata privacy, Signal still leaks presence data to Google's infrastructure.

2. Certificate revocation endpoints hit http://g.symcd.com in plaintext. An ISP or state-level observer can fingerprint Signal usage from DNS queries and HTTP traffic to those CAs — without touching message content.

Conclusion: strongest crypto engineering in consumer messaging. The attack surface isn't the cryptography. It's the operational dependencies.

Soon the full analysis

#infosec #AndroidSecurity #Signal #privacy #ReverseEngineering #postquantum #mobileforensics

#pcknews

L'ex direttore di Frontex indagato per crimini contro l'umanità

https://www.lindipendente.online/2026/03/25/lex-direttore-di-frontex-e-indagato-per-crimini-contro-lumanita/

Uno studio su Nature dimostra che sette settimane di feed algoritmico di X spostano le opinioni verso destra. E l'effetto non si cancella.

[📬 il nuovo numero di Diario di bordo. Abbonati per meno di 3 caffè al mese]

https://open.substack.com/pub/giuliocavalli/p/lalgoritmo-vota?r=1vaky&utm_campaign=post&utm_medium=web&showWelcomeOnShare=true

Stop accordo UE-Israele e a sua partecipazione ad Horizon

L’evento s’inquadra nel contesto dell’Iniziativa dei Cittadini Europei (ICE) per chiedere alla Commissione Europea la sospensione totale dell’accordo di associazione con Israele. L’accordo, che dal 1995 costituisce il pilastro della cooperazione economica, commerciale e politica tra le due parti, viene da tempo contestato per l’incompatibilità con la condotta israeliana.

https://www.eunews.it/2026/03/23/stop-allaccordo-dellue-con-israele-e-alla-sua-partecipazione-ad-horizon/

#Israele #UE #Horizon

Giorgia Meloni Has Finally Suffered a Defeat

Through more than three years in power, Italian premier has often seemed to have an electoral magic touch. Her defeat in a judicial-reform referendum today tells us she still can’t rewrite the country's constitution at will.

https://jacobin.com/2026/03/meloni-italy-justice-reform-referendum

I candidi capi impresa tedeschi dell'automotive hanno scoperto il meraviglioso modello organizzativo cinese e invitano a imitarlo. Oppure a delocalizzare totalmente laggiù

Volkswagen CEO tells newspaper German carmakers should look to Chinese planning https://www.reuters.com/business/autos-transportation/volkswagen-ceo-tells-newspaper-german-carmakers-should-look-chinese-planning-2026-03-21/