Read cyber chats
Signal had a recent problem, first reported by Motherboard, where a fix for one bug inadvertently created another that failed to delete a set of messages users had set to disappear.The app quickly resolved the issue, but the situation serves as a reminder that all systems have flaws."Encrypted communication apps are tools, and just like any other tool, they have limited uses," says Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation.From there, the message isn't reconstituted into something understandable until it reaches the receiver's device.
In another current investigation, the FBI was able to access Signal messages sent by former Senate Intelligence Committee aide James Wolfe, and had at least some information about the encrypted messaging habits of reporter Ali Watkins, after the Justice Department seized her communications records as part of a leak investigation.It essentially amounts to a bodyguard who picks you up at your house, rides around with you in your car, and walks you to the door of wherever you're going. In particular, if you don’t trust the people you’re talking to, you’re screwed."On one level it's obvious that both you and the person you're chatting with have access to the encrypted conversation—that's the whole point.You're safe during the transport, but your vigilance shouldn't end there."These tools are hugely better than traditional email and things like Slack" for security, says Matthew Green, a cryptographer at Johns Hopkins University. But it's easy to forget in practice that people you message with could show the chat to someone else, take screenshots, or retain the conversation on their device indefinitely.However, the data is decrypted when it reaches your phone."That's where operations security comes in, the process of protecting information by looking holistically at all the ways it could be obtained, and defending against each of them.An "opsec fail," as it's known, happens when someone's data leaks because they didn't think of a method an attacker could use to access it, or they didn't carry out the procedure that was meant to protect against that particular theft strategy.