Welcome to Incremental Social! Learn more about this project here!
Check out lemmyverse to find more communities to join from here!

lemmyreader ,

TL;DR

Don’t use snapchat

TIL that Snapchat is an app used in 2024 without E2EE, Wikipedia article on Snapchat :

Encryption

In January 2018, Snapchat introduced the use of end-to-end encryption in the application but only for snaps
(pictures and video), according to a Snapchat security engineer presenting at the January 2019 Real World Crypto
Conference.[138][139][140] As of the January 2019 conference Snapchat had plans to introduce end-to-end encryption for
text messages and group chats in the future.[141]

possiblylinux127 OP ,
@possiblylinux127@lemmy.zip avatar

Its also proprietary so any claim can't be trusted.

dubyakay , (edited )

Well, doesn't matter if it's proprietary. Just need to sniff packets and you'd find out if they are encrypted or not, no?

Edit: looks like it's not E2E truly. It might be encrypted in flight, but snapchat as an entity can read anyone's messages. They have a policy to act on threats within thirty minutes and report it to the authorities. Dystopian.

possiblylinux127 OP ,
@possiblylinux127@lemmy.zip avatar

It very much matters. When something is proprietary there is a, no alternatives that will function exactly the same and b, you don't know what its really doing. For all you know its detecting the sniffing and changing its behavior.

Additionally how do you know what's being sent if its encrypted.

dubyakay ,

Yeah, see my edit.

Before the edit, I just meant the technicality itself: is it actually encrypted or is it plain text? This would have mattered if the state intercepted the message somehow, spying on their citizens. But apparently they did not, because snapchat leaked the data to them in a semi-automated manner: auto-generated incident report based on filtering gets escalated to authorities.

possiblylinux127 OP ,
@possiblylinux127@lemmy.zip avatar

No matter what it was this is just a reminder to use Foss encrypted chats that have been validated by at least one security audit.

yogthos ,
@yogthos@lemmy.ml avatar

I think the most newsworthy part of this is that UK monitors private communications of British citizens. The person was making an obvious joke within a private snapchat group of his friends who knew this was a joke. There was no threat and no hoax because this was a private chat where everybody had context that this was a joke. This is what life in a dystopian surveillance state is like.

possiblylinux127 OP ,
@possiblylinux127@lemmy.zip avatar

I think its likely more than the UK. Honestly I wouldn't be surprised if there was some government contractor doing the monitoring

yogthos ,
@yogthos@lemmy.ml avatar

indeed

puzzledice ,

Probably as part of a new pre-screening program for employers!

KarnaSubarna ,
@KarnaSubarna@lemmy.ml avatar

Update: https://www.bbc.com/news/world-europe-68099669

possiblylinux127 OP ,
@possiblylinux127@lemmy.zip avatar

That's a reasonable ruling. He honestly could sue if he wanted.

Gooey0210 ,

You were convicted of thought crime, next time think what you.. think, punk

possiblylinux127 OP ,
@possiblylinux127@lemmy.zip avatar

Exactly, this is such a silly case. I think its even funnier that he was interviewed by MI6 and MI7

vsis ,
@vsis@feddit.cl avatar

Probably Snapchat or the phone automatically reported something.

I don't believe the Snapshat app doesn't use TLS, nor the airport performed some sophisticated man-in-the-middle attack.

possiblylinux127 OP ,
@possiblylinux127@lemmy.zip avatar

Its called mass surveillance. Everything you do and say is being recorded. End to end encryption will only buy you time. (Side note: don't trust proprietary apps)

mariusafa ,

PRISM

FiskFisk33 , (edited )

he wrote "On my way to blow up the plane (I'm a member of the Taliban)." in a private group chat on snap chat

...a private group chat. Nothing stupid like posting it on xitter or other public place.

Its a fucking in-joke. Do I need to worry about what I say to my friends now in private and worry about what my friendly local government spy would think about it... ?

All this invasion of privacy all these years and all they have to show for it are a few false positives.

JohnnyCanuck ,

In general I agree, but there's no privacy on airport Wi-Fi. And very little at an airport in general.

Deckweiss ,

Shouldn't it be all encrypted with SSL?

All the airport wifi could do is see the DNS requests (and the modern trend is to have DoH or DoT enabled by default, for example in the up to date versions of Android)

JohnnyCanuck ,

From the article:

A court in Madrid heard it was assumed the message triggered alarm bells after being picked up via Gatwick's Wi-Fi network.

Public wifi without a VPN is like sex without a condom. The connection may not be encrypted (very risky) and even if it is, you are still susceptible to man-in-the-middle attacks: https://www.garlandtechnology.com/blog/how-to-monitor-encrypted-traffic-and-keep-your-network-secure

I guarantee there will be a flood of articles about this over the next few days because of what I quoted above.

It's also possible that one of his "friends" reported him or something like that.

CrypticCoffee ,

"A key question in the case was how the message got out, considering Snapchat is an encrypted app.

One theory, raised in the trial, was that it could have been intercepted via Gatwick's Wi-Fi network. But a spokesperson for the airport told BBC News that its network "does not have that capability".

In the judge's resolution, cited by the Europa Press news agency, it was said that the message, "for unknown reasons, was captured by the security mechanisms of England when the plane was flying over French airspace"."

https://www.bbc.co.uk/news/world-europe-68099669

MigratingtoLemmy ,

Please explain to me how using Public WiFi is unsafe if the traffic is encrypted with TLS. Unless they somehow installed a keylogger on everyone connected to said Wifi and picked it up from there, the only way this was possible was on some quick text analysis and recognising the IP address from Snapchat

JohnnyCanuck ,

The link I provided explains it. They can decrypt traffic through their own devices.

sir_reginald ,
@sir_reginald@lemmy.world avatar

it's probably some sort of Snapchat automatic alert detecting the words bomb or Taliban.

FiskFisk33 ,

I wouldn't expect my data to be secure, but I wouldn't expect to be prosecuted as if I had willfully made it a public statement.

grayman ,

Snapchat gave the info to police. From BBC:

On its website, in a section titled "How We Work with Law Enforcement Authorities", Snapchat says one of its goals is to "maintain a safe and fun environment where Snapchatters are free to express themselves and stay in touch with their real friends".

It adds: "We also work to proactively escalate to law enforcement any content appearing to involve imminent threats to life, such as school shooting threats, bomb threats and missing persons cases, and respond to law enforcement's emergency requests for disclosure of data when law enforcement is handling a case involving an imminent threat to life.

possiblylinux127 OP ,
@possiblylinux127@lemmy.zip avatar

Honestly I hope that this trial is swift and that the government ends up paying him for lost time and money.

On the other hand this is a really good reason to use encrypted communications

Zoop ,

He was acquitted, thankfully.

Gooey0210 ,

And then you see the recent news about some presumably terrorists having "tails" and "signal" as evidence in their case

mariusafa ,

PRISM

FiskFisk33 ,

The spying is not what suprises me, it's the prosecution. I see why the term matched, I just don't see why it would be illegal.

SheeEttin ,

Yes, especially in the UK, since they're a surveillance state.

There are some things that will always get flagged on any platform. This, drugs, and connections to sanctioned countries, for example. I've heard of people in the US having their Venmo accounts suspended because they put "Havana" in the transaction description. Havana is a local dance club.

autotldr Bot ,

This is the best summary I could come up with:

If found guilty, the university student faces a hefty bill for expenses after two Spanish Air Force jets were scrambled.

Mr Verma's message was picked up by the UK security services who flagged it to Spanish authorities while the easyJet plane was still in the air.

A court in Madrid heard it was assumed the message triggered alarm bells after being picked up via Gatwick's Wi-Fi network.

Appearing in court on Monday, Mr Verma - who is now studying economics at Bath University - said the message was "a joke in a private group setting".

He said that the plane's pilot made an announcement, telling passengers that the fighter jets had been scrambled because of a distress signal that had been sent by mistake.

Mr Verma is not facing terrorism charges or a possible jail term, but could be fined up to €22,500 (£19,300) if found guilty and the Spanish defence ministry is demanding €95,000 in expenses.

The original article contains 470 words, the summary contains 157 words. Saved 67%. I'm a bot and I'm open source!

possiblylinux127 OP ,
@possiblylinux127@lemmy.zip avatar

Just for anyone curious, he wrote: "On my way to blow up the plane (I'm a member of the Taliban)." in a private chat.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • privacy@lemmy.ml
  • incremental_games
  • random
  • meta
  • All magazines
    •