this post was submitted on 12 Mar 2025
14 points (85.0% liked)

Technology

69449 readers
3876 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
14
Signal no longer cooperating with Ukraine on Russian cyberthreats, official says (therecord.media)
submitted 1 month ago by Sunshine@lemmy.ca to c/technology@lemmy.world
38 comments fedilink hide all child comments
top 38 comments
sorted by: hot top controversial new old
[–] homesweethomeMrL@lemmy.world 8 points 1 month ago* (last edited 1 month ago) (4 children)

First off, Signal hasn't said anything, this is an accusation made at a conference in Kyiv. So - who knows, they're behind, they don't have billions to support an army, who knows.

IF they have chosen to not help Ukraine where at all possible, that would be bad.

All of that said, if I was running a modern army using an encrypted chat app, I'd fucking have all that shit in-house, wtf. It's 2025. Ukraine already has a bunch of l337 h4X0rs. I'm sure they could slap something together in days and have it in the field in weeks.

[–] pntha@lemmy.world 4 points 1 month ago (1 children)

not to mention the Signal protocol is open source so they could literally build something in days and ensure the same encryption

[–] ForgotAboutDre@lemmy.world 3 points 1 month ago

Maintaining and testing such an app has costs and risks. They may think it’s more secure that signal does this. It is also harder to attack all of signal.

They are also significantly resource constrained, everything they have goes towards defence. The effort building the app could be deployed on developing weapon systems they can’t buy.

Your right nations should have their own independent systems for secure communications for military, politicians and civil service.

[–] corsicanguppy@lemmy.ca 4 points 1 month ago

I’m sure they could slap something together in days and have it in the field in weeks.

We make a lot of assumptions about how other people live, and what they have available.

[–] sugar_in_your_tea@sh.itjust.works 2 points 1 month ago (1 children)

Simplex is probably ready now. It's self-hostable, and has strong encryption.

[–] mohab@piefed.social 1 points 1 month ago (1 children)

I wish. SimpleX has a notification/delivery issue on iOS—it's not reliable at all over there.

[–] OhVenus_Baby@lemmy.ml 1 points 1 month ago

What about android?

[–] justOnePersistentKbinPlease@fedia.io 2 points 1 month ago (1 children)

Moreover, its not like Ukraine hasnt been pushing for localized tech stack since at least 2016-2018 ish.

[–] unexposedhazard@discuss.tchncs.de 1 points 1 month ago (1 children)

Yeah they are slowly moving to matrix afaik

[–] PotatoesFall@discuss.tchncs.de 7 points 1 month ago (2 children)

What exactly is the cooperation that Signal was doing beforehand? Signal claims to collect very little data so I'm not sure how exactly they help?

[–] socsa@piefed.social 0 points 1 month ago (1 children)

Russia was caught running a bunch of side channel and phishing attacks using malicious QR codes. Presumably signal could help track these patterns in terms of time and place, to help isolate where espionage activity was occuring.

[–] LastYearsIrritant@sopuli.xyz 4 points 1 month ago (1 children)

Except Signal should not have that data. They claim they do not log that information, so it should be impossible for them to do that.

Unless signal is lying, that's not something they can do.

[–] Sparkega@sh.itjust.works 1 points 1 month ago

Malicious QR codes were used to establish a separate device as a 'linked device' which would allow the attacker to receive and read Signal messages sent to and from the target

[–] corsicanguppy@lemmy.ca -1 points 1 month ago

so I’m not sure how exactly they help?

I would say yes, that you are not sure how exactly they help, if I'm answering your question as written.

[–] harcesz@szmer.info 5 points 1 month ago

This seems to be the only source for this information, while on the other hand I'm seeing this;

Wired: A Signal Update Fends Off a Phishing Technique Used in Russian Espionage

Google warns that hackers tied to Russia are tricking Ukrainian soldiers with fake QR codes for Signal group invites that let spies steal their messages. Signal has pushed out new safeguards.

[–] rottingleaf@lemmy.world 1 points 1 month ago (1 children)

Did it ever respond to those "requests"? What would Signal have anyway other than phone number to login association.

[–] Brkdncr@lemmy.world 0 points 1 month ago (1 children)

Call logs?

[–] einkorn@feddit.org 0 points 1 month ago (1 children)

Nope, all they collect is date of registration and last time the client connected to the server. Has been proven in court.

[–] sunzu2@thebrainbin.org 1 points 1 month ago

National security laws supercede the courts... If they called info on national security grounds, it would not be disclosed in court papers.

[–] sunzu2@thebrainbin.org 0 points 1 month ago (1 children)

The app?

[–] wesker@lemmy.sdf.org 0 points 1 month ago (1 children)

Yes.

[–] sunzu2@thebrainbin.org 0 points 1 month ago (1 children)

Damn... Hmm are they part of the US government?

[–] wesker@lemmy.sdf.org 0 points 1 month ago* (last edited 1 month ago) (1 children)

The article explains everything. The gist is Russians are targeting Ukrainians with phishing attacks via Signal. There also is the suggestion they're exploiting the linked devices functionality, though I'm not sure how.

[–] sunzu2@thebrainbin.org 0 points 1 month ago (1 children)

Appreciate this, I don't click links lol

Apparently if they can get you to scan some bogus qr code they can get you add their device to your account.

Why signal not cooperating tho? Following us government?

[–] variaatio@sopuli.xyz 2 points 1 month ago* (last edited 1 month ago)

Because they can't without backdooring the software? Just like they also refuse to co-operate with Swedish government and threatened to leave the market should Sweden try to force them.

You know Russian spies can also use TOR onion routing and so on.

As for phishing there is nothing Signal can do about someone scanning a signal contact sharing QR and adding it to their contracts list beyond informative "hey are you really sure, really really sure you want to add this contact". If user trusts someone they shouldn't, no amount of app policy protections help. Or maybe they manage to shish them to scan and approve "share account to another device". Again nothing Signal can do about that.

[–] timewarp@lemmy.world 0 points 1 month ago (1 children)

Give it time. Before long you'll see articles about how we need to ban encryption to help Ukraine fight Russia & Democrats will support it cause that is how clueless many of them are.

[–] TheTechnician27@lemmy.world 0 points 1 month ago (1 children)

Dude fuck off.

[–] dukethorion@lemmy.world 1 points 1 month ago (1 children)

Why? He's right...

[–] TheTechnician27@lemmy.world -1 points 1 month ago (1 children)

Not even close, but okay.

[–] thesmokingman@programming.dev 1 points 1 month ago

While I personally think a removal of encryption tends be on the other side of this conflict, I have been called a nonce several times by otherwise leftist folks because of my support for strong encryption(ie the only people who want encryption have something to hide ergo you’re a nonce). This is all anecdote so YMMV.

[–] knighthawk0811@lemmy.ml -1 points 1 month ago (1 children)

why aren't they using the matrix?

[–] oldfart@lemm.ee 0 points 1 month ago (1 children)

What's the difference in this context? Can't their enemies send dodgy links and QR codes on Matrix?

[–] knighthawk0811@lemmy.ml 0 points 1 month ago

they can send anything, but if they run their own matrix on their own servers then the data stays in house.... important for govt or military things

[–] postall@lemmy.world -1 points 1 month ago

Ok, they had choice to use Jami, app independent of anyone, but they chose centralization...