• whodrankarnoldpalmer@startrek.website
    206 up · 8 days ago · edited

    It’s almost as if they never actually cared about the server but rather were just using it to score points. Not at all like, you know, absolutely everything else.

  • futatorius@lemm.ee
    42 up, 3 down · 8 days ago

    Nothing on Hillary Clinton’s server was classified at the time it was put on the server. Some items were subsequently reclassified to the lowest level above Unclassified.

    So there’s really no comparison between the two situations. It stinks of bothsidesism for the journalist to even mention it. A better contrast is between screeching outrage at nothing, versus the current sneering complacency about a major security fuck-up, though I’m sure it pales with what Trump is sharing with Russia and what he’s waving around in front of his cronies to brag about what he knows.

  • HubertManne@piefed.social
    36 up, 1 down · 8 days ago

    Wasn’t the server an actual private server she had set up, whereas this is a corporate app that is supposedly private if they are not lying and accessing the data? I mean this is way worse unless they put up a server to run the chat software.

      • HubertManne@piefed.social
        8 up · 8 days ago

        I don’t think anything can be proven unless you have admin rights to the server at all times. Signals are encrypted every time they are sent encrypted. Can it be turned off with a flag? Does it run in dev without it for troubleshooting, and if so, is it impossible to enable in prod?

          • HubertManne@piefed.social
            6 up, 1 down · 8 days ago

            Exactly. If they had self-hosted then it would be closer to equivalent to Hillary’s email but if it was using Signal as written but then there is the FOIA issue which was still possible with Hillary’s email server, but not under a self-hosted Signal if not altered.

        • GreyBeard@lemmy.one
          2 up · 8 days ago

          The server can’t decrypt it if it doesn’t have the keys to do so. It can be proven that private keys never leave the local device. It can also be proven that the proper public keys are being provided, and that the local device alerts on public key changes with a partner.

          Of course, nobody as part of the linked article did any of that verification, but still, a server doesn’t need to be trusted to be functional.

          • Gawdsausage@lemm.ee
            1 up · 7 days ago · edited

            Doesn’t matter. Signal desktop app can sync messages and be installed on compromised computers. One of the guys in the chat was in Russia visiting Putin. It would be trivial to sync the account to the app installed on compromised machines and basically become an invisible backdoor into every secure communication for that user. I have no doubt one of the users in the chat is set up like this.

            • GreyBeard@lemmy.one
              1 up · 7 days ago

              Oh, I’m not defending these dumb-asses doing illegal things to avoid systems set up to safeguard America and its people. They absolutely could have synced things to compromised devices. Just that Signal, themselves, couldn’t do that.

            • GreyBeard@lemmy.one
              2 up · 7 days ago

              In the case of Signal, it is provable that it cannot. They do not hold the keys to decrypt. The closest risk is the server injecting a new public key into the conversation, which the Signal app will warn about.

                • GreyBeard@lemmy.one
                  2 up · 7 days ago

                  Signal does hold the public keys for every user. But having the public key doesn’t let you decrypt anything. You need the private key to decrypt data encrypted with the public key. So in a chat example, if you and I exchange public keys, I can encrypt the message using your public key, but only you can decrypt it, using your private key.

                  Signal does run the key exchange, which means they could hand a user the wrong public key, a public key which they have the private key for, instead of the other person’s. That is a threat model for this type of communications, however, Signal users can see the key thumbprints of their fellow chat participants and verify them manually. And once a chat has begun, any change to that key alerts all parties in the chat so they know a change has happened. The new key won’t have access to any previous or pending messages, only new ones after the change took place.
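
The key-substitution risk and the thumbprint check described in the comment above, as an added example that is not part of the thread and is not Signal's code: a client pins the first public key it sees for a contact, flags any later change, and compares thumbprints out of band. The toy Diffie-Hellman group, `KeyPinStore` and the thumbprint format are assumptions made for illustration; Signal's real safety numbers are computed differently.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, illustration only (far too small for real use).
P = 2**127 - 1  # a Mersenne prime
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def fingerprint(pub: int) -> str:
    """Short thumbprint two people can compare in person (hypothetical format)."""
    digest = hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()
    return " ".join(digest[i:i + 4] for i in range(0, 24, 4))

class KeyPinStore:
    """Client-side record of the key first seen for each contact."""
    def __init__(self):
        self._pins = {}  # contact -> (public key, manually verified?)

    def observe(self, contact: str, pub: int) -> str:
        pinned = self._pins.get(contact)
        if pinned is None:
            self._pins[contact] = (pub, False)
            return "new"
        if pinned[0] == pub:
            return "verified" if pinned[1] else "unverified"
        # Key changed: drop the verified flag so the user is warned.
        self._pins[contact] = (pub, False)
        return "changed"

    def verify(self, contact: str, fp_out_of_band: str) -> bool:
        pub, _ = self._pins[contact]
        ok = secrets.compare_digest(fingerprint(pub), fp_out_of_band)
        self._pins[contact] = (pub, ok)
        return ok

def demo():
    alice_priv, alice_pub = keypair()
    bob_priv, bob_pub = keypair()
    srv_priv, srv_pub = keypair()  # a key whose private half the server holds
    alice = KeyPinStore()
    events = [alice.observe("bob", bob_pub)]                  # first contact
    events.append(alice.verify("bob", fingerprint(bob_pub)))  # compared in person
    events.append(alice.observe("bob", bob_pub))              # same key later
    events.append(alice.observe("bob", srv_pub))              # directory hands out another key
    # The substituted key fails the manual check against Bob's real thumbprint.
    events.append(alice.verify("bob", fingerprint(bob_pub)))
    # A secret derived from the substituted key is shared with the server, not Bob.
    with_swapped = pow(srv_pub, alice_priv, P)
    events.append(with_swapped == pow(alice_pub, srv_priv, P))
    events.append(with_swapped == pow(alice_pub, bob_priv, P))
    return events
```
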

    • running_ragged@lemmy.world
      19 up · 8 days ago

      Also, while using the app, there is zero accountability for who told who to do what within the government. FOIA is useless for any conversation happening within that app, self-hosted or not.

      • bassomitron@lemmy.world
        15 up · 8 days ago

        Yep, OPSEC is definitely a major issue here. But the other problem is like you mention, zero accountability. Additionally, if they delete the chat, there is no way to reobtain the data for historical archive purposes, which is another law violation.

    • Pacattack57@lemmy.world
      14 up · 8 days ago

      It doesn’t matter what kind of server you’re using. Highly classified information has rules and regulations. Some stuff can only be talked about in certain buildings because the buildings were built to block listening devices.

      This is a major fuck up that could have gotten American soldiers killed. Everyone involved should be in prison.

      • Knock_Knock_Lemmy_In@lemmy.world
        1 up · 7 days ago

        Everyone involved should be in prison.

        I’m not sure we could prove this was knowing and willful. The Russian recipient of the messages is the most suspicious angle of attack.

            • Pacattack57@lemmy.world
              1 up · 6 days ago

              The first message may have been by mistake. Every single message after that was knowing and willful. This isn’t a message between friends. These were highly classified communications between top admin officials. They are aware of the law and policies regarding classified information and willfully engaged in communications on an unsecured platform. Any person could have stopped it after the first message.

              • Knock_Knock_Lemmy_In@lemmy.world
                1 up · 6 days ago

                The law requires people to knowingly and willfully release confidential information.

                Just using unsecured platforms for communications is not illegal (otherwise Hillary would have been prosecuted).

        • Arcka@midwest.social
          2 up · 7 days ago

          Are you suggesting they didn’t know Signal wasn’t an approved platform for sensitive government communication and willfully used it anyway?

          • Knock_Knock_Lemmy_In@lemmy.world
            1 up · 7 days ago · edited

            Is approval of a communications platform legally required, or just best practice? You can guess what the Republicans will argue.

            Hillary got off for not knowingly leaking documents, so will these guys.

  • BarqsHasBite@lemmy.world
    34 up · 8 days ago

    Conservative hypocrisy knows no bounds. They will only be outraged at what their talking heads tell them to be outraged at.

  • conditional_soup@lemm.ee
    24 up · 7 days ago

    I’m not sure that pointing out the hypocrisy is even useful. I’m nearing 40 and “but it’s okay when we do it” has always been a core tenet of conservatism. They don’t give a shit that they’re hypocrites, they don’t care, I’ve boxed them in on it before and it always just boils down to “it’s okay for us because I said so”. I think it’s maybe more useful to move past the identification of hypocrisy and start engaging in conversations about accountability. That is, conversations about hypocrisy without conversations about what kind of accountability you’d like to see are moot. So, let’s move past “can you believe this shit? But her emails? Do you feel like the hypocrites you are yet?” to “your boy did something fucking stupid. I don’t care about your excuses, fire him.”

    • tankfox@midwest.social
      8 up · 7 days ago · edited

      That’s true! We just assume that by pointing out the naughty behavior Someone will Do Something because honest people expect honest reactions.

      Dishonest people cannot have honest reactions, their words mean nothing, they respond only to personal suffering and nothing else.

  • KingDaddy@lemm.ee
    23 up · 7 days ago

    Where is the accountability from the public? Every redneck 100 mi from me was screaming about her damn emails. They probably didn’t even understand why they were outraged, but the man on the FoX nEwS was angry about it so I am too. They say that they don’t trust the government for legitimate topics like vaccines, and taxes and then when the government gives you a huge reason to actually be concerned, it gets ignored.

  • BigBenis@lemmy.world
    17 up · 7 days ago

    It’s almost like that party has no values and sees everything only through the lens of political leverage.

  • Zerlyna@lemmy.world
    15 up · 7 days ago

    Also the disappearing texts are a concern. There’s not much mention of that. And now you have to wonder, how many other conversations have been held there, and with who?

  • perestroika@lemm.ee
    13 up · 7 days ago

    Summary:

    • a journalist was invited
    • half an hour before the first takeoff, the takeoff times of planes, drones and cruise missiles were shared
    • it was mentioned that an individual terrorist is on sight and his location known

    Sadly, none of them will be jailed, like a lay person would be for disclosing military secrets.

    However, I would advocate for punishing them with having a mandatory nanny appointed to oversee them for 4 years.

  • TheTechnician27@lemmy.world
    25 up, 13 down · 8 days ago · edited

    EDIT: To be 1000% clear, they should not be using personal cell phones for this, which they probably did because everyone in this admin is braindead gutter trash. I’m suggesting that self-hosted Signal over government servers is probably fine for security with potentially some tweaks to the app. Something I neglected to think of however is that this sidesteps record keeping, and probably deliberately so. My contention here was solely about security, but this fact makes Signal use unconscionable in my book because it impedes accountability.


    Okay, let’s just be clear here: Signal isn’t just another “private app”; the amount of information they have about your communications is zero (0) with the exception that I believe they can see if you have an account and the last time you connected to the server. Governments absolutely do rely on Signal. The Signal protocol is open and highly robust, the app code is FOSS and has eyes from a shitload of security researchers globally due to its importance, its server code is FOSS (although you don’t have to trust this due to the robust E2EE, and you can even self-host IIRC due to the FOSS server code), and it has reproducible builds.

    This fuck-up was strictly due to the fact that they’re incompetent morons just randomly inviting people to group chats and shit with no guardrails. If I had to guess, they’d probably want to self-host and fork the Signal app and make it so that you can only invite people with some form of clearance, but this last thing is total speculation on my part. I’m sure there’s some way to sanely do this. The part about Signal being secure is just objectively true; it’s audited like absolute crazy, both the FOSS app and the protocol. I would trust it more than whatever the US government could homebrew, even.

    If you, as a citizen, are looking for secure, private messaging, Signal should be at the very top of your list of possible candidates alongside Matrix, SimpleX, and Session (keep in mind that Element and Session do not yet support forward secrecy, although the Matrix protocol does).

    • darkdemize@sh.itjust.works
      53 up, 2 down · 8 days ago

      Let’s also be clear: Signal, regardless of their encryption standards, is not an approved system for any kind of classified information. Leaks of this nature have the potential to cost people’s lives. Every single person in that group chat would have known this. Many of them have original classification authority.

      Further, not only was the platform not approved for the information, the messages were set to disappear after some time. This is a violation of government record keeping laws and FOIA standards. This wasn’t an oopsie.

      • MintyFresh@lemmy.world
        3 up · 8 days ago

        I mean we put a Fox News anchor in charge, and if he’s even half as dumb as he looks, well that’s pretty fucking dumb. I doubt he understands, or if he does, doesn’t care. Just shameful. But hey, at least the libs are getting owned.

      • CalipherJones@lemmy.world
        2 up · 8 days ago

        The mere fact it was possible to invite a random journalist to the chat is ridiculous. That shouldn’t be an option in a secure environment.

    • fake_meows@lemm.ee
      37 up, 2 down · 8 days ago

      This fuck-up was strictly due to the fact that they’re incompetent morons just randomly inviting people to group chats and shit with no guardrails.

      No.

      These fuckwits were handling classified and top secret information in the open on their cell phones.

      It doesn’t matter what specific app they used. This is not about the technology. You missed the point.

    • rottingleaf@lemmy.world
      3 up · 8 days ago

      There’s been a few articles recently about Session authors starting with Signal protocol, and then continuing without clear understanding what they do, thus that Session shouldn’t be used.

      Matrix is a compromise, it’s not as much about security as it is about just modern FOSS chat.

      • TheTechnician27@lemmy.world
        1 up · 8 days ago

        Matrix is a compromise, it’s not as much about security as it is about just modern FOSS chat.

        Pray tell. Granted again that Element doesn’t yet support forward secrecy, but describe what you see as specifically wrong with Matrix, please.

        • rottingleaf@lemmy.world
          1 up · 8 days ago

          but describe what you see as specifically wrong with Matrix, please.

          Federated with huge load on servers. I’d prefer something like old Skype with auth servers part interacting via ActivityPub or something like that.

          • TheTechnician27@lemmy.world
            1 up · 8 days ago

            Do you see anything wrong with it security-wise? The wording of your previous comment has me confused where you fall on this.

            • rottingleaf@lemmy.world
              1 up · 6 days ago

              Just that I haven’t heard of it being as praised as Signal, and since it appears to be intended for chat rooms more than for privacy, there’s natural suspicion that something is missed there.

    • AbidanYre@lemmy.world
      1 up · 8 days ago

      I would trust it more than whatever the US government could homebrew, even.

      The clowns in this administration, sure. But the NSA knows what they’re doing when it comes to cryptography.