Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Whatsapp, a Trojan horse for seekers of easy privacy?

Matt Johnson railmeat at gmail.com
Sat Jan 17 09:24:02 PST 2015


Hi,

Why would anyone bother to change your Twitter image? What do they gain
from that?

--
Matt Johnson


On Sat, Jan 17, 2015 at 9:00 AM, J.M. Porup <jm at porup.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 01/16/15 14:52, Cypher wrote:
> > On 01/15/2015 11:29 AM, carlo von lynX wrote:
> >> On Thu, Jan 15, 2015 at 08:49:31AM -0800, Steve Weis wrote:
> >>> Note you said "users will never know" if e2e is being used,
> >>> but as Moxie says "we'll be surfacing this into the UI" of
> >>> upgraded clients.
> >>
> >> There is a systemic legal problem by which neither Facebook, nor
> >>  Whatsapp, nor Textsecure nor Moxie are in a position to
> >> guarantee that whatever is surfaced into the UI actually means
> >> what it says.
> >
> > I was under the impression that the government couldn't make you
> > actively lie to someone. For example, if I have a message on my
> > page that says "we do not collect any user data" and the government
> > makes me collect data on an existing user, that's acceptable. But
> > they could not stop me from changing that sign and force me to lie.
> > I'd assume that would be the case with WhatsApp. Once the visuals
> > are surfaced, each new encrypted connection would be forcing the
> > service to actively tell a lie, which, as I understand it, isn't
> > legal. Of course, IINAL so I don't know.
>
> I would like to give a concrete example of "commandeering." Something
> that happened yesterday.
>
> I've been saying for a while now that Twitter has been commandeered.
> There's a great deal of circumstantial evidence pointing this way. I
> documented my research last March, here:
>
>
> https://medium.com/@toholdaquill/how-the-military-uses-twitter-sock-puppets-to-control-debate-and-suppress-dissent-a4ccba1e6f05
>
> Be sure to read the footnote about @Asher_Wolf.
>
> Then yesterday, I logged into Twitter, posted a couple of tweets, and
> realized that my outgoing tweets had been hacked to include a
> *different* image than my profile image.
>
> The image of a gun:
>
> https://twitter.com/toholdaquill/status/556102312494915586
>
> Now, you could argue that someone must have stolen my password and
> replaced my profile image. But that never happened. My profile photo
> never changed. Only my outgoing tweets contained a different profile
> image. To the best of my knowledge, it is not possible for Twitter
> users to maintain two different profile images at the same time.
>
> Additionally, the only operating systems I use are Qubes and Tails.
> That doesn't make my end points impregnable, but it makes
> opportunistic hacks rather unlikely.
>
> What does this mean?
>
> Either:
>
> 1) I am a complete liar / fraud / charlatan making this up to annoy
> everyone (because why?)
>
> or
>
> 2) Something like this happened:
>
> https://firstlook.org/theintercept/2014/02/24/jtrig-manipulation/
>
> Remember? "Change their photos on social networking sites"
>
> Now here's the rub: the Twitter API does not include an optional
> "second profile image" parameter. At least not publicly. See:
>
> https://dev.twitter.com/rest/reference/post/statuses/update
>
> Which means that, at the point of a court order / gun, Twitter has
> been coerced into putting that parameter into their code, and giving
> API keys to a thug who works for the FBI / CIA / NSA.
>
> And the funny thing? If they were trying to scare me, they failed. All
> they've done is make me angry.
>
> JMP
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQIcBAEBAgAGBQJUupUxAAoJEGrDVsHXOmiEufMP/2RUsZG64bYTgTSwPctjtgbC
> ki8YMuELXs/VeTFDddWIQagikBgaYJxSY3zV/a/wpt0XPZiaIiQFQsLldZORGDFe
> zN1CVIGtvd7u5WyV3bly34TAoXTlmqipsHXMBv8uqz2MPZe1fWJ1Vda4JIEegPmj
> 9MUxfD+SfQaiTkIz/JoxfX0mKtSKf3G+yMhqqgkuYaMU2Xkx6q8PMlczKyuXIOCB
> Ll2lZ2XZR03jUHdnrnCnoYhvhlGyPlrysNvutanIdhW6OdOBSEWC+JnHCh6vCfRZ
> UwaMiHXcFLgcECP6JtT4xSmF5pD4+uIixWCC79HteVADUqM+Yu9HeAg0mbu9h1S1
> RoXmOuPGqaiFHDqcp1EYEj+GrpePaT0ZEC48d+7M0m5BDV5FqiK7VzvyN6zaul93
> JPC8M4EvCnCc+cyLvI6ZwY90YQoj9L80/qsBfk0U0uZjGV0KZcig6EBoVl+Y1lHO
> VJwg+J3fex7y6KkMA+Cu2XCCk30Nt2hO8dy2To0wb0RwPGNBjveNR82bE6KHLOwU
> niijVg+//aVJQ8oyspJwNvfbosFvHBGCZbCUYVP2cTVrDiEnE/WA7h31FSQ9Rj+g
> CpGttn9DECOz1rD/uUhF2neH9n7dNj8vC4dLJavzIgwEp6xukAu8d3WIFwmmtt3u
> hfIVBGXJf43LsL+9B2j7
> =IwE5
> -----END PGP SIGNATURE-----
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> companys at stanford.edu.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20150117/87fdd9b5/attachment.html>


More information about the liberationtech mailing list