Curious what you guys think of a service provider who is based in Greece. My initial reaction was a +1 since it’s not in the jurisdiction of the US and are not part of the 5, 9, or 14 eyes. But their history, especially, especially the Vodafone wiretapping scandal, is worrisome. Here’s what I’m thinking:
Pros
Outside the US
Falls under GDPR
Cons
Vodafone wiretapping scandal [1]
Multiple instances of blocking and restrictions [2] [3]
In our case the ISPs have spoofed the A records of the gambling domains to point to a local server or a proxy server. As a result, any email delivery will fail and the user will only realize this after hours or even days (depending on their SMTP server configuration). This implies tremendous negative impacts and leads to a restriction of fair markets and business regulations, i.e., a user trying to communicate with any business (all of the censored websites are businesses) will find himself unable to do so. Out of eight ISPs only one (Ote ISP) found to sync the MX records from some (but not all) of the blacklisted domains. However, it remains unclear if and how often these records are updated.
That’s mostly VPN marketing material these days. With everything being HTTPS it really doesn’t matter. Also other countries have such interception programs. So I wouldn’t call that a pro, when you say compare to CN or RU.
Probably want to look at what bills have tried to pass eg like this one:
So wait. I get the advantage of HTTPS and the security it offers but how can you say that countries collaborating on surveilling citizens is VPN marketing material? Especially considering that Operation Trojan Shield was as recent as 2021…
Literally only criminals used an0m, so not at all relevant. That is why the first anyone heard of it was when the police made their announcement about it.
No what I am saying is “concern” about “eyes” is VPN marketing material, there are plenty of these signals intelligence agreements, (mostly unnamed) and largely they aren’t too useful with https employed everywhere (which wasn’t the case when those Snowden leaks happened).
Of course if you’re really concerned, strong audited E2EE is the only solution, not jurisdiction shopping.
Last time I checked supposedly only criminals use ProtonMail and Tor as well.
Pretty weak metric in my opinion and also irrelevant.
Naturally the answer lies in strong cryptography - but dismissing the conversation as “jurisdiction shopping” is a bit careless. In some cases jurisdiction can mean everything. Personally I consider jurisdiction to be as equally important as other deciding factors. If I were a whistleblower, investigative journalist, etc - I’d want to know that the country I am operating from is least likely to cooperate with bullying nations and certainly one where my metadata is not some commodity to be traded.
Did you even read the wiki article. They arrested some dude, and then cops distributed it to criminal members of criminal gangs. There were very few users.
Around the same time, the San Diego FBI branch had been working with a person who had been developing a “next-generation” encrypted device for use by criminal networks. The person was facing charges and cooperated with the FBI in exchange for a reduced sentence. The person offered to develop ANOM and then use his contacts to distribute it to TCOs through existing networks.[3][4] Before the devices were put to use, however, the FBI, and the AFP had a “back door” built into the communication platform which allowed LEA to decrypt and store the messages as the messages were transmitted.[1] The first communication devices with ANOM were offered by this informant to three former distributors of Phantom Secure in October 2018.[5]
The app was opened by entering a specific calculation within the calculator app, described by the developer of GrapheneOS as “quite amusing security theater”,[9] where the messaging app then communicated with other devices via supposedly secure proxy servers, which also – unknown to the app’s users – copied all sent messages to servers controlled by the FBI. The FBI could then decrypt the messages with a private key associated with the message, without ever needing remote access to the devices.[4][10] The devices also had a fixed identification number assigned to each user, allowing messages from the same user to be connected to each other.[10]
About 50 devices were distributed in Australia for beta testing from October 2018. The intercepted communications showed that every device was used for criminal activities, primarily being used by organised criminal gangs.[2][4] About 125 devices were shipped to different drop-off points to the United States in 2020.[11]
Use of the app spread through word of mouth,[4] and was also encouraged by undercover agents;[12] drug trafficker Hakan Ayik was identified “as someone who was trusted and was going to be able to successfully distribute this platform”, and without his knowledge was encouraged by undercover agents to use and sell the devices on the black market, further expanding its use.[12][13] After users of the devices requested smaller and newer phones, new devices were designed and sold; customer service and technical assistance was also provided by the company.[5][9] The most commonly used languages on the app were Dutch, German and Swedish.[14]
Pretty sure Tor and Proton Mail have a quite different origin story
Which ironically the US is not the worst in that case. A country with very little judicial oversight is going to be a lot worse than an “eyes” country. Having said that a country with GDPR is probably a good choice as a lot of countries simply don’t have an equivalent law.
I did, and actually it bothered me after I learned more than I originally knew. The whole concept of releasing something into the wild and hoping for the best reminds me of Operation Fast and Furious. I wonder what safeguards were in place to prevent the FBI from inadvertently spying on American citizens which is prohibited under United States Code Title 50, Chapter 36, Subchapter 1, Section 1809. I mean surely they had a conversation about what would happen if the app gained some level of popularity causing them to gather more data than allowed/intended?
9,000 devices doesn’t sound like “very few users”.
After a slow start, the rate of distribution of ANOM increased from mid-2019. By October 2019, there were several hundred users. By May 2021, there had been 11,800 devices with ANOM installed, of which about 9,000 were in use.[2]
What I love, too, about the Wiki article is that the following quote
who had been developing a “next-generation” encrypted device for use by criminal networks.
is completely unsourced and I would venture say is completely fabricated.
Also, since you’re completely hung up on this one “legit” operation, I wonder if you would work through this list with me and figure out how many of these were legit and authorized?
United States
PRISM - NSA program to collect internet communications from various U.S. internet companies.
BULLRUN - NSA program to undermine encryption standards and devices.
STELLARWIND - NSA warrantless surveillance program initiated after the 9/11 attacks.
BOUNDLESS INFORMANT - Tool used by the NSA to analyze global data collections.
XKEYSCORE - NSA tool to search and analyze global internet data.
UPSTREAM - Collection of communications on fiber cables and infrastructure as data flows past.
ECHELON - Signals intelligence (SIGINT) collection and analysis network operated by the U.S. with the Five Eyes.
CARNIVORE - FBI system to monitor email and electronic communications.
TRAILBLAZER - NSA program intended to analyze data carried on communications networks.
TURBULENCE - NSA program for advanced network exploitation and analysis.
MAINWAY - NSA database containing metadata for billions of telephone calls.
TINPAN ALLEY - NSA program for large-scale collection of cellphone location data.
FAIRVIEW - NSA program to collect phone, internet, and e-mail data in bulk from the American telecommunications company AT&T Inc.
MYSTIC - NSA program to collect metadata and content from phone calls in several countries.
SHAMROCK - NSA program to intercept all telegraphic data entering or exiting the United States.
United Kingdom
TEMPORA - GCHQ program to tap into and store data from cables carrying global internet traffic.
SQUEAKY DOLPHIN - GCHQ program to monitor and analyze social media data.
OPTIC NERVE - GCHQ program to collect webcam images from Yahoo users.
Canada
LEVITATION - Communications Security Establishment Canada (CSEC) program to monitor file uploads and downloads.
Probably the fact that it was only given to people who they had a reason to watch.
All quite irrelevant because programs like that exist in a lot of major backbones of the internet. There would be many more out there which simply are not named because they are still secret. Realistically though none of them really matter if you’re using E2EE and not sharing everything about yourself on public websites.
A lot of these programs simply would be thwarted by HTTPS nowadays as they call this “dragnet surveillance”. PRISM is about the only one which involved entry into the backend of systems, and if you’re self hosting you’re not going to be a part of that.
did you even read the article. Or do you just normally fail at reading comprehension.
Use of the app spread through word of mouth,[4] and was also encouraged by undercover agents;[12] drug trafficker Hakan Ayik was identified “as someone who was trusted and was going to be able to successfully distribute this platform”, and without his knowledge was encouraged by undercover agents to use and sell the devices on the black market, further expanding its use.[12][13] After users of the devices requested smaller and newer phones, new devices were designed and sold; customer service and technical assistance was also provided by the company.[5][9] The most commonly used languages on the app were Dutch, German and Swedish.[14]
Please tell me why I should feel sorry that criminals got tricked by a drug trafficker. Totally legit citizen I bet Hakan Ayik is. Went off to Turkey and still got arrested.
did you even read the article. Or do you just normally fail at reading comprehension.