Fascinating read on how the FBI ran Anom encrypted phone company. In particular:

“We wanted to shatter the trust in the encrypted phone industry that catered to criminals.”

The question remaining is: how can we as non-criminals still trust encrypted messengers?


The FBI had to disclose their operation at some point for legal reasons. Russian or Chinese APTs are not bound by such rules. How do we know that they haven’t compromised some encrypted messengers already and are reading all communications?


And with Signal making rather questionable crypto decisions lately, how do we know who is currently pulling the strings there?


· · Web · 2 · 0 · 2

Yes, it’s easy to get all paranoid here. The big question is whether the paranoia is justified, and I don’t expect the answer to turn up any time soon. All we get is a suspicion that there might be more things going on than busting drug cartels.

@WPalant FWIW, Mudge continuing to work there is a decent canary. It's not that he wouldn't work with feds, but he would absolutely walk before agreeing to knowingly weaken something to make anyone other than users' lives easier

Of course he could still be duped and make mistakes, but he has a solid history of giving the finger to anyone trying to pull his strings

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.