Nothing on Hillary Clinton’s server was classified at the time it was put on the server. Some items were subsequently reclassified to the lowest level above Unclassified.
So there’s really no comparison between the two situations. It stinks of bothsidesism for the journalist to even mention it. A better contrast is between screeching outrage at nothing, versus the current sneering complacency about a major security fuck-up, though I’m sure it pales with what Trump is sharing with Russia and what he’s waving around in front of his cronies to brag about what he knows.
Here we go with the “Democrats can do no wrong…” speech…
Ah, cool, another account to block.
Bye!
Please explain how you can read “that one thing everyone was mad at wasn’t as bad as they said” to “they’re perfect angels who never do anything bad” without being either braindead or a pathetic partisan hack
Just ignore/block them. They just want the attention.
The takeaway is that Signal is a bloody good app to use.
Sounds like it’s pretty easy to add the wrong people to your chat.
People are usually the weakest link.
It’s no different from many other chat apps. Select the contacts you want in the group.
There’s no issue with the app, it’s actually among the most secure. The issue is the meatbag behind the thumbs selecting who to put in the chat.
I’ve never had any issues by adding the wrong people to a group, personally 🙂.
Is that the takeaway?
For the reporter it was.
It’s almost as if they never actually cared about the server but rather were just using it to score points. Not at all like, you know, absolutely everything else.
:surprised-pikachu:
It’s almost like libs don’t actually care about this recent leak but are also just using it to score points.
The lack of self-awareness is stunning.
Ah, I knew there was a good reason I have you tagged as ‘fucking moron’
Just block them.
At Bluesky it’s been astoundingly effective for getting the fucking morons to find somewhere else to waste their time.
I appreciate your advice :)
Which lemmy app does that?
Boost does.
Now I have him tagged as Fucking Moron too.
Thanks for the tip!
Update: wow, this is really helpful!
People do care about the leaaks, but also how ironically this situation is compared to the ‘but what about her emails’ situation in the past.
🧈 👨 s
Leonardo DiCaprio pointing at a tv
Lock. Them. Up.
Wasn’t the server an actual private server she had setup whereas this is a corporate app that is supposedly private if they are not lying and accessing the data. I mean this is way wore unless they put up a server to run the chat software.
It doesn’t matter what kind of server you’re using. Highly classified information has rules and regulations. Some stuff can only be talked about in certain buildings because the buildings were built to block listening devices.
This is a major fuck up that could have gotten American soldiers killed. Everyone involved should be in prison.
It’s been proven that Signal doesn’t have chats or chat metadata in court but this is still a gross violation of OPSEC and all manner of federal law, which I’m not even qualified to talk about. In either case this is hundreds of times worse than the Clinton email server.
I don’t think anything can be proven unless you have admin rights to the server at all times. signals are encrypted every time they are sent encrypted. can it be turned off with a flag? does it run in dev without it for troubleshooting and if so is it impossible to enable in prod.
The server can’t decrypt it if it doesn’t have the keys to do so. It can be proven that private keys never leave the local device. It can also be proven that the proper public keys are being provided, and that the local device alerts on public key changes with a partner are announced.
Of course, nobody as part of the linked article did any of that verification, but still, a server doesn’t need to be trusted to be functional.
okay, so self host it if that is part of your concern/threat model. the Signal server code is open to the public, you can see and download it here.
exactly. if they had self hosted then it would be closer to equivalent to hilaries email but if it was using signal as written but then there is the foia issue which was still possible with hilarys email server, but not under a self hosted signal if not altered.
Also, while using the app, there is zero accountability for who told who to do what within the government. FOIA is useless for any conversation happening within that app, self hosted or not.
Yep, OPSEC is definitely a major issue here. But the other problem is like you mention, zero accountability. Additionally, if they delete the chat, there is no way to reobtain the data for historical archive purposes, which is another law violation.
Conservative hypocrisy knows no bounds. They will only be outraged at what their talking heads tell them to be outraged at.
The party of double standards, everyone.
If they didn’t have double standards they’d have no standards at all.
Kind of like “If I didn’t have bad luck, I’d have no luck at all!”
So you support prosecuting both dems and republicans for these fuck ups?
Quick! Change the subject!
Shared military plans with a journalist on a private app.
Clown show … so let’s spin it that this came from a disreputable journalist.
I’m so tired of America letting the worst pieces of shit get away with anything. One side breaks the speed limit by 2mph and they’re euthanized. The other side rapes and kills all of Asia, and nothing happens.
The two sides you’re talking about is the rich vs the poor.
The rich get to do what they want because no one holds them accountable. The people that should be holding them accountable are corrupted by the endless money that the rich have.
The “people” could change this over night but the rich have us all divided.
If you want real change stop hating your neighbor and start banding together. That will never happen tho because the rich are winning this war.
EDIT: To be 1000% clear, they should not be using personal cell phones for this, which they probably did because everyone in this admin is braindead gutter trash. I’m suggesting that self-hosted Signal over government servers is probably fine for security with potentially some tweaks to the app. Something I neglected to think of however is that this sidesteps record keeping, and probably deliberately so. My contention here was solely about security, but this fact makes Signal use unconscionable in my book because it impedes accountability.
Okay, let’s just be clear here: Signal isn’t just another “private app”; the amount of information they have about your communications is zero (0) with the exception that I believe they can see if you have an account and the last time you connected to the server. Governments absolutely do rely on Signal. The Signal protocol is open and highly robust, the app code is FOSS and has eyes from a shitload of security researchers globally due to its importance, its server code is FOSS (although you don’t have to trust this due to the robust E2EE, and you can even self-host IIRC due to the FOSS server code), and it has reproducible builds.
This fuck-up was strictly due to the fact that they’re incompetent morons just randomly inviting people to group chats and shit with no guardrails. If I had to guess, they’d probably want to self-host the fork the Signal app and make it so that you can only invite people with some form of clearance, but this last thing is total speculation on my part. I’m sure there’s some way to sanely do this. The part about Signal being secure is just objectively true; it’s audited like absolute crazy, both the FOSS app and the protocol. I would trust it more than whatever the US government could homebrew, even.
If you, as a citizen, are looking for secure, private messaging, Signal should be at the very top of your list of possible candidates alongside Matrix, SimpleX, and Session (keep in mind that Element and Session do not yet support forward secrecy, although the Matrix protocol does).
Let’s also be clear: Signal, regardless of their encryption standards, is not an approved system for any kind of classified information. Leaks of this nature have the potential to cost people’s lives. Every single person in that group chat would have known this. Many of them have original classification authority.
Further, not only was the platform not approved for the information, the messages were set to disappear after some time. This is a violation of government record keeping laws and FOIA standards. This wasn’t an oopsie.
The mere fact it was possible to invite a random journalist to the chat is ridiculous. That shouldn’t be an option in a secure environment.
I mean we put a fox news anchor in charge, and if he’s even half as dumb as he looks, well that’s pretty fucking dumb. I doubt he understands, or if he does, doesn’t care. Just shameful. But hey, at least the libs are getting owned.
This fuck-up was strictly due to the fact that they’re incompetent morons just randomly inviting people to group chats and shit with no guardrails.
No.
These fuckwits were handling classified and top secret information in the open on their cell phones.
It doesn’t matter what specific app they used. This is not about the technology. You missed the point.
This is the same team of geniuses that kept classified files, some of which were mysteriously emptied of their contents, in the unlocked bedroom and bathroom of a members-only club in Florida, near the swimming pool whose water mysteriously destroyed all the surveillance video just when the FBI were about to look at it.
Not to mention that, in this case, the phone network was known to hacked and infiltrated by adversaries.
https://en.m.wikipedia.org/wiki/Salt_Typhoon
This hack included JD Vance’s phone who was part of this chat group.
https://www.nytimes.com/2024/10/25/us/politics/trump-vance-hack.html
These peoples phones shouldn’t be considered any more secure than a public bathroom.
I would trust it more than whatever the US government could homebrew, even.
The clowns in this administration, sure. But the NSA knows what they’re doing when it comes to cryptography.
There’s been a few articles recently about Session authors starting with Signal protocol, and then continuing without clear understanding what they do, thus that Session shouldn’t be used.
Matrix is a compromise, it’s not as much about security as it is about just modern FOSS chat.
Matrix is a compromise, it’s not as much about security as it is about just modern FOSS chat.
Pray tell. Granted again that Element doesn’t yet support forward secrecy, but describe what you see as specifically wrong with Matrix, please.
but describe what you see as specifically wrong with Matrix, please.
Federated with huge load on servers. I’d prefer something like old Skype with auth servers part interacting via activitypub or something like that.
Do you see anything wrong with it security-wise? The wording of your previous comment has me confused where you fall on this.
It’s almost like both “parties” only care about decent OpSec when the other team fucks up.
And neither party cares about the endless imperial slaughter that these communications facilitate. Not even worth mentioning.
An app that multiple intelligence agencies have likely cracked
The app is likely secure.
The personal phones they installed this app on, however…
I don’t run a magazine so I couldn’t report it but I was included on a top secret Signal group chat where administration officials talked about how long you should wait after Trump or Elon absolutely explodes a White House bathroom. A friend at OSHA accidentally added me.
The younger staffers were given a map of nearby Starbucks locations because sometimes, it would take hours for the West Wing loos to be re-certified as a safe workplace environment. And if the inspector forgot his Geiger counter, forget it. Bathrooms were off limits that day.
