-
edhelas
https://www.nextinpact.com/article/46148/anom-cryptophone-dont-fbi-avait-clef
-
edhelas
(in french, but you can find the same news in english)
-
edhelas
basically the company that was selling those "cryptophone" was based on OMEMO
-
Ge0rG
literally or a similar concept?
-
edhelas
https://www.europol.europa.eu/newsroom/news/800-criminals-arrested-in-biggest-ever-law-enforcement-operation-against-encrypted-communication
-
edhelas
no no, literally if I read correctly
-
mathieui
Ge0rG, literally, but probably backdoored to an extent
-
Ge0rG
I don't see mention of that in https://archive.is/yOVBN
-
edhelas
https://upload.movim.eu/files/9d94237298995552fa13436420195fbca436dce7/DgJiRUXTGfbI/Capture_d_%C3%A9cran_2021-06-08_16-00-33.png
-
Daniel
Ge0rG: read the court documents
-
Daniel
That blog post is weird or only somewhat related
-
jonas’
> The lead architect for OMEMO’s integration into Anøm is Daniel Gultsch.
-
jonas’
> […] mentor to Andreas Straub, the creator of OMEMO.
-
jonas’
now that’s something to have your nametag on
-
moparisthebest
if it was a conversations fork, did they release the code GPL or not ?
-
Daniel
Sue the FBI?
-
Daniel
For GPL violation
-
moparisthebest
now you are talking Daniel !
-
Zash
Note to self: Restock on popcorn.
-
moparisthebest
jonas’, where did you find that text?
-
edhelas
Daniel maybe you can just ask them to do a PR in the Conversations sourcecode
-
edhelas
#EverythingWentBetterThanExpected
-
jonas’
to get the backdoor?
-
jonas’
moparisthebest, in the screenshot from edhelas
-
edhelas
jonas’ (don't say it out loud)
-
flow
Daniel, are court documents available?
-
jonas’
flow, https://www.documentcloud.org/documents/20799201-operation-trojan-shield-court-record
-
flow
jonas’, thanks
-
edhelas
https://upload.movim.eu/files/9d94237298995552fa13436420195fbca436dce7/G3USPUN6663d/image.png
-
edhelas
so looks like they have a weird JID naming convention
-
eevvoor
what which court and why?
-
eevvoor
What did I miss?
-
flow
eevvoor, https://www.vice.com/en/article/akgkwj/operation-trojan-shield-anom-fbi-secret-phone-network
-
flow
uh thunderstorm coming
-
edhelas
the app screenshots seems really different from Conversations, looks like they did some work on the fork
-
eevvoor
where do you know from that it is a conv fork?
-
edhelas
wild guess, but you're true, we don't know
-
eevvoor
I see
-
eevvoor
Sadly, I do not sell or consume cocaine, so I have not see Anon in real /s.
-
eevvoor
Stupid criminals, who uses encryption propagated as "ultra" secure 😂️?
- edhelas will propose a change on the OMEMO XEP to add the word "ultra secure" to it
-
edhelas
"military grade"
-
eevvoor
ultra is for loosers
-
eevvoor
supermegaultra
-
Daniel
There is also this video https://twitter.com/AusFedPolice/status/1402150051762171904
-
wurstsalat
"hyper secure", to give it a frech touch ;)
-
eevvoor
quantum is missing!
-
eevvoor
AI quantum super hyper ulta mega cool secure and safe encryption
-
eevvoor
* with a tiny backdoor for the five eyes and friendz
-
edhelas
they didn't even used the latest Gajim release with the nice UI changes
-
Daniel
I think the video is fairly old
-
Daniel
I don't really understand what the video is supposed to tell us
-
flow
yeah
-
flow
ausis don't wear shoes at home?
-
edhelas
I'm disappointed that they didn't used Matrix in the end
-
edhelas
maybe we can complete the https://xmpp.org/uses/social.html page :D
- eevvoor knows why they did not use matrix. XD
-
şişio
> eevvoor wrote: > eevvoor knows why they did not use matrix. XD Why?
-
eevvoor
quality ...
-
edhelas
because the FBI would only be able to arrest 16 guys and not 800
-
moparisthebest
XMPP: trusted by thousands of criminals
-
moparisthebest
FBI: violates copyright over 12,000 times!
-
eevvoor
We need good lawyers.
-
eevvoor
This should be a gold mine.
-
Zash
That's an odd spelling for "marketing department"
-
eevvoor
Daniel, be prepared to be rich.
-
eevvoor
XD
-
edhelas
hopefully they didn't used the name Jabber
-
edhelas
Cisco Lawyers Department enter the chat
-
moparisthebest
we probably don't want them in here... :)
-
şişio
I am scary
-
şişio
...
-
eevvoor
:D
-
mdosch
> I am scary > ... Your avatar doesn't scare me. 😜
-
şişio
😂
-
mdosch
Probably you meant 'I am scared.'
-
eevvoor
No.
-
mdosch
Never!
-
eevvoor
He wants to be scary in order to protect XMPP 🤣️
-
mdosch
Don't violate the license with your five eyes forks or şişio will come after you!
-
şişio
😂😂
-
eevvoor
🤣️☠️
-
rion
🤯
-
moparisthebest
wonder what server they used
-
edhelas
moparisthebest I'll be on ejabberd
-
edhelas
*bet
-
moparisthebest
what server would like to advertise "trusted by the FBI for their stings"
-
edhelas
Maybe we can ask the FBI to do a nice presentation for the next CCC ?
-
moparisthebest
special invitation to the next XMPP Summit ?
-
eevvoor
me too edhelas
-
deuill
The real question is, did they leave federation on?
-
moparisthebest
why not, maybe they caught some Conversations users too?
-
deuill
It being a federal network
-
edhelas
and the second real question is, did they also get spammed by russian bots ?
-
Menel
It is possible they would attend. ~propaganda~ PR to be "hip" and attract qualified computer specialists
-
jonas’
the third real question: Did they do it right, or did they accidentally overwrite the OMEMO node name breaking interop?
-
moparisthebest
the video shows it working with gajim, so I'd guess they did it right ?
-
deuill
Jokes aside, this is probably a good example of how simple XMPP is to operationalize and scale, and how easy it is to extend the app ecosystem with additional functionality.
-
deuill
I'm guessing the encryption itself wasn't compromised, but the app (having access to the plain-text) would simply forward discussions as they were received.
-
eevvoor
deuill, that is why I meant Matrix was not used.
-
moparisthebest
deuill, it explicitly says that's what happened (they also encrypted to a master key the FBI had)
-
eevvoor
Because XMPP is easily extendable and adjustable which Matrix does not allow.
-
edhelas
eevvoor yes but "everything in XMPP is XML and there is hundreds of XEPs !!!"
-
eevvoor
yeah terrible!
-
eevvoor
we are so unhip and oldschool and grey that even the FBI likes our stuf ::D
-
deuill
It'd be interesting to learn what the operational aspects of this were -- I wouldn't be surprised if they just ran this on some modest, single-node ejabberd setup.
-
edhelas
eevvoor so unhype that even IBM is now interested to invest money in XMPP
-
eevvoor
no, on an ultrasingled core single-node ejabberd out-of-the-box installation ;-D
-
edhelas
on a RPI
-
eevvoor
edhelas, exactly, you got it.
-
eevvoor
on Rasp I perhaps XD
-
moparisthebest
they said only 12,000 phones and 27 million messages ?
-
edhelas
easy
-
edhelas
that could fit on a cheap 20€/month server
-
moparisthebest
ejabberd handled 10 million devices sending 2 billion messages per day back in 2019 https://www.process-one.net/blog/ejabberd-nintendo-switch-npns/
-
edhelas
I'm more wondering if they actually had a network of servers
-
eevvoor
HPC
-
eevvoor
HPC cluster
-
mdosch
> Jokes aside, this is probably a good example of how simple XMPP is to operationalize and scale, and how easy it is to extend the app ecosystem with additional functionality. Just skimmed through and I thought they simply had a bad server used for their app which added an omemo id so they could read all messages. Did they do more? I'm only on mobile now so I didn't dig deeper.
-
eevvoor
mdosch, the same method you descibe was used for whatsapp, so yeah, why not reuse it? possible. likely.
-
şişio
What is the result?
-
eevvoor
the police can read vai the extra key.
-
eevvoor
şişio the trick is just that people do not check their keys. If they do, the problem does not occur.
-
eevvoor
So it is a trick on the people not on the technique.
-
eevvoor
And not on the encryption.
-
jonas’
or maybe they just patched that out and/or hardcoded the key into the app
-
eevvoor
An English Talk tomorrow 18 CEST online in the Berlin Meetup: https://mov.im/?node/pubsub.movim.eu/berlin-xmpp-meetup/acb235de-69bf-470f-8c5d-c7984f636d6c . Topic: Curated list of XMPP servers.
-
jonas’
(I would’ve done the latter I guess)
-
eevvoor
that would be really laughing at the people :D. You can hardly call it encryption then. :D Thats why FLOSS is so important - review, review, review the code.
-
eevvoor
emus and melvo will give the talk. We are happy if *you* join. 😀️
-
moparisthebest
mdosch, at a glance the court document says "master key" so I assume backdoored client
-
moparisthebest
much easier than writing a server module
-
jonas’
eevvoor, as if anyone ever does that (reviewing the code)
-
eevvoor
🍻️ drinking beer after the talk is a requirement to join. Virtual beer.
-
jonas’
moparisthebest, more importantly, more reliable
-
jonas’
eevvoor, oh, good to know, then I won’t appear :)
-
eevvoor
perfect :)
-
mdosch
eevvoor: What is a virtual beer? I want it physically!
-
eevvoor
yours is physical, the ones from the others is virtual
-
mdosch
Good. 😃
-
şişio
I hate beer
-
mdosch
Poor guy. Efes is tasty.
-
John
I'm thinking about Teleportation XEP
-
mdosch
Teleport whom to where and how?
-
John
Anywhere
-
moparisthebest
John, https://xmpp.org/extensions/xep-0183.html
-
emus
moparisthebest: I think that was one of the possibly best answers
-
Zash
Don't you know telepathy is a series of tubes? https://telepathy.freedesktop.org/xmpp/tubes.html
-
L29Ah
tubes huh
-
John
"Telepathy, direct transference of thought from one person"
-
L29Ah
i wonder if there's a working collaborative text editing solution that's not webshit these days
-
John
I want to teleport myself not my thoughts
-
L29Ah
John: so did you solve the Theseus paradox?
-
John
L29Ah: I never heard about it, I will look but I don't promise that I'll solve it
-
John
But I read that quantum teleportation is possible now
-
Zash
https://xkcd.com/465/
-
moparisthebest
John: if you can teleport your mind anywhere, you don't even need a body at all
-
John
moparisthebest: I agree
-
John
moparisthebest: when you teleport with your body https://m.imgur.com/gallery/zFMFzlW
-
L29Ah
John: If you're seeing this message, that means JavaScript has been disabled on your browser, please enable JS to make Imgur work.
-
John
L29Ah, https://i.imgur.com/zFMFzlW.mp4