"Deleting WhatsApp chats doesn’t delete shit nothing."
Apple’s iMessage too! ("Signal leaves virtually nothing.") Quote source @thegrugq, Twitter https://twitter.com/thegrugq/status/758833939020521472 WhatsApp Forensic Artifacts: Chats Aren’t Being Deleted Posted on July 28, 2016 Sorry, folks, while experts are saying the encryption checks out in WhatsApp, it looks like the latest version of the app tested leaves forensic trace of all of your chats, even after you’ve deleted, cleared, or archived them… even if you “Clear All Chats”. In fact, the only way to get rid of them appears to be to delete the app entirely. To test, I installed the app and started a few different threads. I then archived some, cleared, some, and deleted some threads. I made a second backup after running the “Clear All Chats” function in WhatsApp. None of these deletion or archival options made any difference in how deleted records were preserved. In all cases, the deleted SQLite records remained intact in the database. More, including 'How WhatsApp Can Fix This': http://www.zdziarski.com/blog/?p=6143
On 07/28/2016 10:47 PM, Bastiani Fortress wrote:
I installed signal on my phone with some enthusiasm, but it's practically useless because no one around me adopted it yet. It's sad that once a "social" app dominates the market, it's very hard to get people to switch to better alternatives unless there is a security scandal or something. Same goes with ring...
Personally I think having to expose the phone number of a smartphone to another user to establish a chat is an incredible security risk in the short and long run and leads to all sorts of metadata harvesting of your unencrypted info. It appears one should keep a low-budget smartphone for that use instead of their main number for better persec. I questioned Morgan Mayhem (Intercept's sysadmin/cybersec guy) about that when he broached how secure signal is (he's one of the developers) on his twitter feed. Never got a reply. Telegram allows the use of an @name instead of exposing your number if you set up an account but I'm unsure what happens when a connection is established and the contact is added to you contact list Rr
4:53 AM, July 29, 2016, Rayzer <rayzer@riseup.net>:
Apple’s iMessage too! ("Signal leaves virtually nothing.")
Quote source @thegrugq, Twitter https://twitter.com/thegrugq/status/758833939020521472
WhatsApp Forensic Artifacts: Chats Aren’t Being Deleted
Posted on July 28, 2016
Sorry, folks, while experts are saying the encryption checks out in WhatsApp, it looks like the latest version of the app tested leaves forensic trace of all of your chats, even after you’ve deleted, cleared, or archived them… even if you “Clear All Chats”. In fact, the only way to get rid of them appears to be to delete the app entirely.
To test, I installed the app and started a few different threads. I then archived some, cleared, some, and deleted some threads. I made a second backup after running the “Clear All Chats” function in WhatsApp. None of these deletion or archival options made any difference in how deleted records were preserved. In all cases, the deleted SQLite records remained intact in the database.
More, including 'How WhatsApp Can Fix This': http://www.zdziarski.com/blog/?p=6143
-- You’re not from the Castle, you’re not from the village, you are nothing. Unfortunately, though, you are something, a stranger.
And signal refuses to work with my SIP number on Android 6. Which makes it almost a non starter (that and the stated lack of adoption).. John On July 29, 2016 10:51:09 AM EDT, Rayzer <rayzer@riseup.net> wrote:
On 07/28/2016 10:47 PM, Bastiani Fortress wrote:
I installed signal on my phone with some enthusiasm, but it's practically useless because no one around me adopted it yet. It's sad that once a "social" app dominates the market, it's very hard to get people to switch to better alternatives unless there is a security scandal or something. Same goes with ring...
Personally I think having to expose the phone number of a smartphone to another user to establish a chat is an incredible security risk in the short and long run and leads to all sorts of metadata harvesting of your unencrypted info. It appears one should keep a low-budget smartphone for that use instead of their main number for better persec.
I questioned Morgan Mayhem (Intercept's sysadmin/cybersec guy) about that when he broached how secure signal is (he's one of the developers) on his twitter feed. Never got a reply.
Telegram allows the use of an @name instead of exposing your number if you set up an account but I'm unsure what happens when a connection is established and the contact is added to you contact list
Rr
4:53 AM, July 29, 2016, Rayzer <rayzer@riseup.net>:
Apple’s iMessage too! ("Signal leaves virtually nothing.")
Quote source @thegrugq, Twitter https://twitter.com/thegrugq/status/758833939020521472
WhatsApp Forensic Artifacts: Chats Aren’t Being Deleted
Posted on July 28, 2016
Sorry, folks, while experts are saying the encryption checks out in WhatsApp, it looks like the latest version of the app tested leaves forensic trace of all of your chats, even after you’ve deleted, cleared, or archived them… even if you “Clear All Chats”. In fact, the only way to get rid of them appears to be to delete the app entirely.
To test, I installed the app and started a few different threads. I then archived some, cleared, some, and deleted some threads. I made a second backup after running the “Clear All Chats” function in WhatsApp. None of these deletion or archival options made any difference in how deleted records were preserved. In all cases, the deleted SQLite records remained intact in the database.
More, including 'How WhatsApp Can Fix This': http://www.zdziarski.com/blog/?p=6143
-- You’re not from the Castle, you’re not from the village, you are nothing. Unfortunately, though, you are something, a stranger.
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.
I laught at all this bullshit. If you don't personally know interlocutor or can't be bothered to look them up and nego acceptable flag waving pursuant to id'd comms, you're stupid. All this buddy list contact list email @ phone number sharing invite feature bullshit is well NON feature and privacy fucking NSA tracking advertising BULLSHIT. Advertise your own discrete contact fingerprints on nets or be happy as random anons.
Same goes for adoption. If you can't convince to run then you ain't got shit to sell, you're not important enough, or youi're too crazy. To them.
On 07/29/2016 11:54 PM, grarpamp wrote:
I laught at all this bullshit. If you don't personally know interlocutor or can't be bothered to look them up and nego acceptable flag waving pursuant to id'd comms, you're stupid. All this buddy list contact list email @ phone number sharing invite feature bullshit is well NON feature and privacy fucking NSA tracking advertising BULLSHIT. Advertise your own discrete contact fingerprints on nets or be happy as random anons.
Ahem... I don't mean to sound profound here, but you can do both. You can have a public and secret presence on the intertubz. It DOES help dramatically if you have two entirely different sets of communications tools but even it you don't ... How arrogant are the 99.9999% of users to think they're more than a flyspeck on the windshield of the NSA's locomotive? That you matter to them and are worth spending more than a few nanoseconds on? Rr
On Sat, 30 Jul 2016 07:18:48 -0700 Rayzer <rayzer@riseup.net> wrote:
How arrogant are the 99.9999% of users to think they're more than a flyspeck on the windshield of the NSA's
torbot rayzer doing his job again - telling people to use garbage like tor and telling people that the government isn't really paying attention. locomotive? That you matter to
them and are worth spending more than a few nanoseconds on?
Rr
On 07/30/2016 12:21 PM, juan wrote:
On Sat, 30 Jul 2016 07:18:48 -0700 Rayzer <rayzer@riseup.net> wrote:
How arrogant are the 99.9999% of users to think they're more than a flyspeck on the windshield of the NSA's
torbot rayzer doing his job again - telling people to use garbage like tor and telling people that the government isn't really paying attention.
I didn't tell anyone to use tor in my post and that's right... They aren't really paying attention. They're just storing data for "attention" at some point when it becomes worthwhile to them. In five minutes, 5 hours, years, or never. The idea is to fly under the radar so it's 'never'. Once you're on their radar there's (snigger) "No Place To Hide" (the title of Greenwald's book about hooking up with Snowden), Rr
locomotive? That you matter to
them and are worth spending more than a few nanoseconds on?
Rr
On 07/31/2016 10:04 AM, Bastiani Fortress wrote:
Did you just propose we send everything in cleartext :D
Not EVERYTHING! Go about your biz... Nothing to see here. Just some dickpics, move along. But if you need security. Use a computer you've never used before in a town or place you've never been before for your secure coms then destroy it and do the same with the $5 burner phone from 7-11. I figure it would take at least a 1/2 hour or so before a Predator Drone made it to that location from the nearest military base so you have some time. The implication is if you're publicly 'subversive' on the internet in any way that's really a threat there's no way to secure anything and you're essentially, as someone once said about 'revolutionaries', a 'dead man on furlough'. Rr
4:59 AM, July 31, 2016, Rayzer <rayzer@riseup.net>:
On 07/30/2016 12:21 PM, juan wrote:
On Sat, 30 Jul 2016 07:18:48 -0700 Rayzer <rayzer@riseup.net> wrote:
How arrogant are the 99.9999% of users to think they're more than a flyspeck on the windshield of the NSA's
torbot rayzer doing his job again - telling people to use garbage like tor and telling people that the government isn't really paying attention.
I didn't tell anyone to use tor in my post and that's right... They aren't really paying attention. They're just storing data for "attention" at some point when it becomes worthwhile to them. In five minutes, 5 hours, years, or never. The idea is to fly under the radar so it's 'never'.
Once you're on their radar there's (snigger) "No Place To Hide" (the title of Greenwald's book about hooking up with Snowden),
Rr
locomotive? That you matter to
them and are worth spending more than a few nanoseconds on?
Rr
-- You’re not from the Castle, you’re not from the village, you are nothing. Unfortunately, though, you are something, a stranger.
Rayzer dear... Meh! :(((( http://venturebeat.com/2016/08/02/hackers-break-into-telegram-revealing-15-m... https://telegram.org/blog/15million-reuters PS: - Sorry, still late! :P (And if you are boring and invasive, I certainly will be late forever! Give up, baby!)
On 08/02/2016 03:16 PM, Cecilia Tanaka wrote:
Rayzer dear... Meh! :((((
http://venturebeat.com/2016/08/02/hackers-break-into-telegram-revealing-15-m...
https://telegram.org/blog/15million-reuters
PS: - Sorry, still late! :P
(And if you are boring and invasive, I certainly will be late forever! Give up, baby!)
which can be intercepted by the phone company and shared with the hackers,
With this: The researchers said they also found evidence that the hackers took advantage of a programing interface built into Telegram to identify at least 15 million Iranian phone numbers with Telegram accounts registered to them, as well as the associated user IDs. As a redundancy and elaboration of the former quote including Multisyllabic phrases such as "systematic de-anonymization" to muddle the issue, and make it appear to be another issue when it isn't. Apparently all they got are the phone numbers from the sms verification, and hackers didn't do it. The phoneco GAVE THEM the info. It requires complicity on the part of the utility. Which is something one can assume any commercial service would do if a government requests and under THEIR LAW (Iran in this case) claims criminal activity. The extraction of data they can do with that phone number It requires that you never set up an account with password. A burner smartphone, which by the way US Congress is trying to outlaw, circumvents. Set up a passworded account using a throwaway email. Done. Telegram has always cajoled people to set up an account with password for extra security Listen, as I've been repeating over an over sometimes directly, sometimes indirectly ... bad PERSEC/CYBERSEC screws you so much more often than the communications method or it's potentially compromised code. Probably 99% of the time but I've never crunched the numbers. NO ONE can hold your hand to make sure you do it right. If your life or freedom depend on it YOU DO IT RIGHT. Rr
participants (7)
-
Bastiani Fortress -
Cecilia Tanaka -
grarpamp -
John -
juan -
Rayzer -
Spencer