A bill that would allow police in France to spy on suspects by remotely activating the camera, microphone and GPS of their phones has been passed.

Does anyone know how this even works? Is the technology for this already in place?

-J_R-

On a related topic: anyone know if there are any cell phones that come with a physical switch to disable the camera and mic?

@mr_pink@lemmy.dbzer0.com

I only know about the PinePhone, and the Liberty Phone and Librem 5 from Purism.

Librem 5 and Liberty are the same phone and are horribly overpriced. At this point I’m surprised it’s not just a literal grift like the other 'murica phones people tried selling to the American right wing.

@markstos@lemmy.world

I’m not aware that either iOS or Android support this.

I see two options:

  1. Apple and Google build requested backdoor access, which I don’t think they want to do.

  2. The police get physical access to the phone temporarily to install a hidden app on it. Possibly using an insider.

  3. Bad guys buy pre-backdoored phones from cops. See the ANOM story. https://arstechnica.com/tech-policy/2021/06/fbi-sold-phones-to-organized-crime-and-read-27-million-encrypted-messages/

I have not read the bill but I’ll guess they are legalizing #2.

@slock@lemmy.world

I’ve seen this news published at a few different places, and IIRC they plan to use already existing exploits. You can read a bunch about what could potentially be used on the GrapheneOS website, specifically on how the modem and cellular network stack is very highly privileged on Android at least, and it is very likely that most cellphones are vulnerable to some kind of code injection via a stingray, for example.

@NightOwl@lemmy.one

Yeah, if this can be done remotely then all smartphones by design are very insecure devices that shouldn’t be trusted to do card transactions or entrusted with password management and two factor authentication…

I wish they would go into more detail on how the remote activation is done. Is it a law saying it is okay to do if it becomes possible? Is this through an exploit that was found and requires physical access to the device to initiate, or is it just a setting present on all phones by default?

Hyperreality

DROPOUTJEEP … “A software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted.”

https://en.wikipedia.org/wiki/ANT_catalog

Fuck yea buddy, the CIA has had a backdoor to every cell phone since the first cell phone

@markstos@lemmy.world

I’m unfamiliar with evidence to support any sanctioned CIA backdoor.

Hyperreality

Snowden.

A good starting point is here:

https://en.wikipedia.org/wiki/ANT_catalog

For example:

DROPOUTJEEP … “A software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted.”

And here:

https://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013%E2%80%93present)

The NSA had a program called DROPOUTJEEP according to an article in Der Spiegel. Think it came out with Snowden? Fuzzy on details but you can look into it. It did include camera access but I don’t think it could be installed remotely. I’d be surprised if there’s anything the NSA can’t intercept but that’s obviously what they would want us to think and I’m just a guy.

@markstos@lemmy.world

There will always be spies working with exploits, which is different from a sanctioned backdoor.

I doubt the tech used in DROPOUTJEEP works anymore.

Ah, I see what you’re saying. No, I don’t think Apple provides a known backdoor to French police.

UnanimousStargazer

The Court of Justice of the EU will very likely disallow the use of this authority in the future, but it often takes time to litigate in court up to a point where an organization can proceed to the EU Court.

It’s a terrible way of politicians trying to circumvent fundamental rights, even though their goal always is to prevent crime. They simply pass the bill, wait until it becomes law, start doing their business, claim victory and then complain the EU Court disallows it.

Sigh.

/home/pineapplelover

Ever hear of backdoors and a little spyware called Pegasus? Technology is already in place and NSA has been doing it since 9/11. All this spyware and it isn’t even effective.

@markstos@lemmy.world

Pegasus uses exploits which are getting discovered and fixed. In theory, it’s getting harder for that model to work. Apple’s Lockdown mode defends against it for example. Very different from a sanctioned backdoor.

/home/pineapplelover

Yeah I wouldn’t be surprised if Pegasus was being fixed. It’s been around for years now. But there will still be 0 days. They’re called 0 days because nobody knows about them yet.

bbbhltz

Commented on this article in another thread

https://beehaw.org/comment/586170

Looks like there are caveats to this law:

You would need to be a suspect in a crime that has a punishment of 5 or more years in prison in order for the phone to be geolocated.

For video/audio you need to fall under the definition of organised crime or terrorism.

Those caveats are just to get the laws passed.

Online piracy already carries punishment up to 3 years. All it takes them is make a law that technically holds 5 years but gets pardoned in practice.

Labeling someone a terrorist can be as simple as “collective undertaking with the aim of seriously disturbing public order through intimidation” aka protesting…

After a terrorist attack, emergency state was declared (normally used in case a war actually put the survival of the country’s institutions in jeopardy). First use of the extra-powers: assign some targeted pacific climate activists at home so that there would not be a protest during the COP.

Anti-terrorism bill was passed some time ago. It was used to repress the protests against the retirement bill, literally banning anyone from carrying a saucepan in the street (ban of “noise emitting devices”) during a protest.

Climate protesters have been labeled “eco-terrorist” even though they never put nor attempted to put anyone’s life in danger.

France is under requests from the UN for fixing severe issues regarding right to protest, police excessive violence and systematic racism in the police force. France is taking a dire path, joining Hungary, Turkey in authoritarianism, maybe evolving to a clone of Russia, as there were hints of a will to change the constitution to let Macron run again after his second mandate.

I have 0 trust this bill is intended to be used for severe crimes. It’s another attempt to control and repress.

Thorned_Rose

Yep, some of my friends left France in part for that reason - the government and police are becoming increasingly authoritarian and they left not wanting to wait for things to get worse. And they’re just super nice, normal people but they could see the writing on the wall. 😞

@danc4498@lemmy.world

It’s so stupid that beehaw defederated from Lemmy world.

Thorned_Rose

You can always use Kbin instead which is still federated with all.

@sidhant@lemmy.sdf.org

Such is the power of federation. Beehaw can choose to do so, and it’ll be interesting to see how the fragmentation issue plays out

@danc4498@lemmy.world

Yeah, I get it. It just seems like admins making a decision for an entire instance of users that they can’t see the most popular instance anymore.

It was the first instance I joined too, which is the only reason I think about it. But Lemmy World so far is awesome and doing great things for Lemmy.

@MajesticFlame@lemmy.one

Sure, the issue is that, with no transparency, cops will use it even if they are just curious what their friends are doing. This is already known to happen in the US, where cops used it to stalk their SOs or even in extreme cases women they were starting to date.

If they already have the technology in their hands, there is no way to stop them.

bbbhltz

Technically needs judge’s approval

@Arbiter@lemmy.world

A back door is a security vulnerability, even if the police never abuse such a power.

@MajesticFlame@lemmy.one

They should also need it in the US. The issue is, that if the tool is in the hands of the cops, there is no way to check who they spied on (and therefore if they had warrant).

At least if it was executed by a commercial entity, they can check the warrants and be liable if they do it without one. But that is very likely not how it will be implemented. The cops will get the tools to do with as they please.

As an example, one state in the US (forgot which one) put in a law that requires the police to submit every data search warrant into a public database so that they could be audited by the public. After they compared the contents of the database to number of requests in companies’ transparency reports, it turned out there were over 5 times as many requests in the state than what was reported in the database, despite reporting being required by law.

bbbhltz

I really hope the power isn’t abused. The second it is it will lead to more riots and even though I have in no way been directly affected where I live, it is a pain to get messages from friends abroad asking “Why is France on fire again?”

On one hand, I do want to ask why French people love setting France on fire so much. On the other hand, when shit like this passes as laws, I wonder why we are not setting our countries on fire…

bbbhltz

I’ve lived here since 2006 and I haven’t met a single person that participated in any of the riots, which are offshoots of sanctioned strikes and do not represent France as a whole. I’ve had some students that strike for the environment or maybe do walkouts.

The closest I came to one was a strike about police violence and I happened to be in a café and had to evacuate because of tear gas. In that instance, it turned out the person they were striking for lied.

So, I can’t say why they want to destroy stuff.

@markstos@lemmy.world

Once the tech is in place it can and will be abused. Also, non-police can find how to access the backdoor.

Oh ok then, that’s fine. I’ve got nothing to hide.

bbbhltz

Ha, I’m sure… They’ll spy the heck out of everyone. At the judge’s discretion, of course 😉

Ur comment is probably /s, but username does not check out for having an alt account with “nothing to hide” :D

lol, I’m using my alt bc beehaw seems to be acting up rn, but it made for a happy accident.

PrivateNoob

What the hell is happening over there??

@Heastes@lemmy.world

People are already pissed, so why not push through a crazy privacy invading law.
What are the citizens going to do? Riot?

What are the citizens going to do? Riot?

Considering this is France, you’d think those at the top would be more aware than anyone of the risks of pissing off your citizens, but looks like they’ve become too comfortable and are practically begging for a refresher crash course…
