Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Fwd: [WhatsApp backdoor allows snooping on encrypted messages]

Rich Kulawiec rsk at gsp.org
Sun Jan 15 08:40:13 PST 2017


On Sun, Jan 15, 2017 at 08:47:51AM -0600, Andr??s Leopoldo Pacheco Sanfuentes wrote:
> Anybody serious about decryption cannot use standard social networks,
> which are predicated on access to private data for marketing and
> "development" (eg, as test data for new features, debugging, etc)
> purposes, and naturally open to government intrusion with few
> exceptions that have proven irrelevant in the final analysis [snip]

I concur completely.  I'd also like to ask a pointed question, in re
the phrase "naturally open to government intrusion":

Do you [generic you] think that everyone working AT Facebook is working
FOR Facebook?

Of course they're not.  Any intelligence agency worth its name has
long since planted their own people inside.  It's an obvious, cheap,
effective, easy, very-low-risk potentially-high-reward move.

Plus: they get paid twice.  And if caught, they don't get executed
for espionage: they just get fired.  (Fired *quietly*.  Do you really
think Facebook would want it publicly known that an Elbonian agent was
working in devops for 6 years?  Hint: what would that do to their stock
price and 4Q earnings?)  And then they get replaced.

(And please don't tell me that Facebook could stop this.  Given that
intelligence agencies routinely plant people *inside each other*,
I sincerely doubt that they'd have any trouble getting their folks
past whatever security theater Facebook uses to screen employees.)

The same is no doubt true of any sufficiently-large "social network"
or cloud computing operation: Twitter, AWS, etc.  All that fruit hangs
much too low to be left unpicked.  The upside is huge, the downside
is negligible.

So I think the operational question is not "are they present?" --
the question is "what do they have access to?"

---rsk



More information about the liberationtech mailing list