• 0 Posts
  • 100 Comments
Joined 3 years ago
Cake day: June 22nd, 2023


  • People have always migrated, but modern mass migration is a result of the economic extraction & resulting instability being so extreme that someone with minimal opportunities in Spain can make more money than your average person in a colonized country.

    It’s not uncommon for migrants to go from having middle class jobs (teachers, small business owners, etc.) to being cleaners and still have money to send home to support their family.

    Additionally, many people will migrate to Spain, England & France because their language is widely used in colonized nations.











  • creating a backdoor to access plaintext messages is still very difficult if the app is well audited

    Well audited is key. This attack likely works by doing something like adding Meta to the list of trusted devices, then hiding itself from the list (either because of code in the client or because the Meta device is only added for a moment), so the backdoor wouldn’t be send_all_messages_to_hq(), it would be in the code to list trusted devices (either explicitly hiding some devices or some sort of refresh timer that’s known so you can avoid being there when the UI is updated).

    Or it works through some other mechanism that still preserves E2E encryption.


  • The centralized server is only important because it sends you the message to get around the encryption (either adding a new client to your list of trusted clients or in some other way getting your client to send your messages to Meta).

    If we trust the keys are possessed only by the generating device, then how does the encrypted message become compromised?

    Because the client is capable of adding the backdoor, it isn’t compromising the encryption. When you add a desktop client to your Signal account it doesn’t break E2E encryption either, but your messages are visible in more places. That (or something like it) is what is being described: Meta aren’t decrypting your messages as they go through their E2E network, they are tapping them client side.
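
A sketch of the audit these two comments imply, added here as an example and not taken from the comments, WhatsApp or Signal: compare the devices the encryption layer actually fans a message out to against the devices the UI has ever displayed. The event format, device names and the `hidden_by_ui` parameter are hypothetical, and the log is constructed sample data.

```python
# Constructed event log in a hypothetical format:
# ("add", t, device), ("remove", t, device), ("ui_refresh", t), ("send", t, msg_id)
EVENTS = [
    ("add", 0, "phone"),
    ("add", 5, "laptop"),
    ("ui_refresh", 10),
    ("send", 12, "m1"),
    ("add", 13, "dev-x"),      # added between two UI refreshes
    ("send", 14, "m2"),
    ("remove", 15, "dev-x"),   # gone again before the list is redrawn
    ("ui_refresh", 20),
    ("send", 22, "m3"),
]


def audit(events, hidden_by_ui=frozenset()):
    """Map each message id to the devices that were encrypted to but had
    never appeared in the device list shown to the user at send time."""
    trusted = set()   # devices the client currently encrypts to
    shown = set()     # every device the UI has displayed so far
    findings = {}
    for ev in sorted(events, key=lambda e: e[1]):   # stable sort by timestamp
        kind = ev[0]
        if kind == "add":
            trusted.add(ev[2])
        elif kind == "remove":
            trusted.discard(ev[2])
        elif kind == "ui_refresh":
            # The UI only displays what its listing code does not filter out.
            shown |= trusted - set(hidden_by_ui)
        elif kind == "send":
            unseen = trusted - shown
            if unseen:
                findings[ev[2]] = sorted(unseen)
    return findings


if __name__ == "__main__":
    print(audit(EVENTS))                              # short-lived device
    print(audit(EVENTS, hidden_by_ui={"laptop"}))     # device filtered by the UI
```

Both variants from the comment show up only because the check reads the recipient set at send time rather than trusting the rendered device list.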





  • Just because it’s centralized doesn’t mean that it falls under this risk sector.

    The attack as described almost certainly involves the server sending a message to your client and then having the messages replicated via a side channel to WhatsApp without breaking E2E encryption (it could be adding them as a desktop client or adding them as a hidden participant in all chats, that isn’t clear in the article).

    If you could run WhatsApp without connecting to Meta, you would be safe from this attack, but as you’ve pointed out a secure client is a better solution.



  • seriously, if my comment is being upvoted, it’s because I responded to yours, and people understand what I am saying in response.

    Lmao, sure buddy, pat yourself on the back because you got upvotes.

    You’re talking about E2E encryption as if it prevents side-channel client side attacks, but sure, morons will upvote because they also don’t understand real world security.

    The only useful thing you’ve pointed out in your deluge of spam is that Signal builds are reproducible, which does protect against the attack described (as long as there isn’t a backdoor in the published code).